Loading ...

Play interactive tourEdit tour

Analysis Report c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe

Overview

General Information

Sample Name:c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe
MD5:34bca78351c9910cfe3b85238170a383
SHA1:2b5ffd8957d7ce98bf233e6851c8d01505afd02c
SHA256:b44c4d4564b390ee93ec53c37e267adc33aec4fa3d7f082cf2422213a9a8b9bd

Most interesting Screenshot:

Detection

FormBook
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for sample
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected Generic Dropper
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query network adapater information
Contains functionality to read the PEB
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Launches processes in debugging mode, may be used to hinder debugging
PE file contains an invalid checksum
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x147b9:$sqlite3step: 68 34 1C 7B E1
    • 0x148cc:$sqlite3step: 68 34 1C 7B E1
    • 0x147e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1490d:$sqlite3text: 68 38 2A 90 C5
    • 0x147fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x14923:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x6248:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x64b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x11b35:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x11621:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x11c37:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x11daf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x702a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1089c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x79c3:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x16ea7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x17eaa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x1597b:$sqlite3step: 68 34 1C 7B E1
      • 0x15a8e:$sqlite3step: 68 34 1C 7B E1
      • 0x159aa:$sqlite3text: 68 38 2A 90 C5
      • 0x15acf:$sqlite3text: 68 38 2A 90 C5
      • 0x159bd:$sqlite3blob: 68 53 D8 7F 8C
      • 0x15ae5:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 3 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x149b9:$sqlite3step: 68 34 1C 7B E1
        • 0x14acc:$sqlite3step: 68 34 1C 7B E1
        • 0x149e8:$sqlite3text: 68 38 2A 90 C5
        • 0x14b0d:$sqlite3text: 68 38 2A 90 C5
        • 0x149fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x14b23:$sqlite3blob: 68 53 D8 7F 8C
        2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x6448:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x66b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x11d35:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x11821:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x11e37:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x11faf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x722a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x10a9c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x7bc3:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x170a7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x180aa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

        Sigma Overview

        No Sigma rule has matched

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Antivirus detection for sampleShow sources
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeAvira: detection malicious, Label: TR/Kryptik.zfyes
        Multi AV Scanner detection for submitted fileShow sources
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeVirustotal: Detection: 61%Perma Link
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for sampleShow sources
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeJoe Sandbox ML: detected
        Source: 2.0.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackAvira: Label: TR/Kryptik.zfyes
        Source: 0.0.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackAvira: Label: TR/Kryptik.zfyes
        Source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 4x nop then pop edi2_2_004140CD

        E-Banking Fraud:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1CF1 NtProtectVirtualMemory,0_2_03FA1CF1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00416BC0 NtCreateFile,2_2_00416BC0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00416C70 NtReadFile,2_2_00416C70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00416CF0 NtClose,2_2_00416CF0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00416DA0 NtAllocateVirtualMemory,2_2_00416DA0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00416BBB NtCreateFile,2_2_00416BBB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A360 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_2019A360
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A3E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_2019A3E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A560 NtQuerySystemInformation,LdrInitializeThunk,2_2_2019A560
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A800 NtSetValueKey,2_2_2019A800
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019B0B0 NtGetContextThread,2_2_2019B0B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019BA30 NtSetContextThread,2_2_2019BA30
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A220 NtWaitForSingleObject,2_2_2019A220
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A240 NtReadFile,2_2_2019A240
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A260 NtWriteFile,2_2_2019A260
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A2D0 NtClose,2_2_2019A2D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A2F0 NtQueryInformationFile,2_2_2019A2F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A310 NtEnumerateValueKey,2_2_2019A310
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A350 NtQueryValueKey,2_2_2019A350
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A370 NtQueryInformationProcess,2_2_2019A370
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A3D0 NtCreateKey,2_2_2019A3D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A410 NtQueryInformationToken,2_2_2019A410
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019B410 NtOpenProcessToken,2_2_2019B410
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A430 NtQueryVirtualMemory,2_2_2019A430
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A470 NtSetInformationFile,2_2_2019A470
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019B470 NtOpenThread,2_2_2019B470
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A460 NtOpenProcess,2_2_2019A460
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A480 NtMapViewOfSection,2_2_2019A480
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A4A0 NtUnmapViewOfSection,2_2_2019A4A0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019ACE0 NtCreateMutant,2_2_2019ACE0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A520 NtEnumerateKey,2_2_2019A520
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A540 NtDelayExecution,2_2_2019A540
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019BD40 NtSuspendThread,2_2_2019BD40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A5A0 NtWriteVirtualMemory,2_2_2019A5A0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A5F0 NtReadVirtualMemory,2_2_2019A5F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A610 NtAdjustPrivilegesToken,2_2_2019A610
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A650 NtQueueApcThread,2_2_2019A650
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A6A0 NtCreateSection,2_2_2019A6A0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A6D0 NtCreateProcessEx,2_2_2019A6D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A710 NtQuerySection,2_2_2019A710
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A700 NtProtectVirtualMemory,2_2_2019A700
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A720 NtResumeThread,2_2_2019A720
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A750 NtCreateFile,2_2_2019A750
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A780 NtOpenDirectoryObject,2_2_2019A780
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA13DE0_2_03FA13DE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_0041B0EB2_2_0041B0EB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_004078EE2_2_004078EE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_004078F02_2_004078F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_0041B08A2_2_0041B08A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_0041A22E2_2_0041A22E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_0041ADD82_2_0041ADD8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419DF62_2_00419DF6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419F632_2_00419F63
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201898102_2_20189810
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021D0162_2_2021D016
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018E0202_2_2018E020
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201800212_2_20180021
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201810702_2_20181070
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A0802_2_2016A080
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202018B62_2_202018B6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202228E82_2_202228E8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201848CB2_2_201848CB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201871102_2_20187110
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201A99062_2_201A9906
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201861802_2_20186180
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022D9BE2_2_2022D9BE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202219E22_2_202219E2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202161DF2_2_202161DF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20210A022_2_20210A02
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022E2142_2_2022E214
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184A5B2_2_20184A5B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B02_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20221A992_2_20221A99
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202222DD2_2_202222DD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB402_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B962_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C22_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015EBE02_2_2015EBE0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201714102_2_20171410
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020F42B2_2_2020F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016740C2_2_2016740C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202134902_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20222C9A2_2_20222C9A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20221C9F2_2_20221C9F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021DCC52_2_2021DCC5
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FC53F2_2_201FC53F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201715302_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211D1B2_2_20211D1B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202225192_2_20222519
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20150D402_2_20150D40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FE58A2_2_201FE58A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021E5812_2_2021E581
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20201DE32_2_20201DE3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021D5D22_2_2021D5D2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020FDDB2_2_2020FDDB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866112_2_20186611
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021CE662_2_2021CE66
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201776402_2_20177640
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20185E702_2_20185E70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184E612_2_20184E61
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213E962_2_20213E96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202226F82_2_202226F8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202217462_2_20221746
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201757902_2_20175790
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202127822_2_20212782
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20221FCE2_2_20221FCE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: String function: 201E5110 appears 38 times
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: String function: 201ADDE8 appears 46 times
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: String function: 2015B0E0 appears 176 times
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000000.00000000.770110682.000000000046F000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSEPARABLENESS.exe vs c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2464094920.00000000203DF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000000.796507434.000000000046F000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSEPARABLENESS.exe vs c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeBinary or memory string: OriginalFilenameSEPARABLENESS.exe vs c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe
        Source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@3/2@0/0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeFile created: C:\Users\user\AppData\Local\Temp\~DFEE47B2EF812FB2A1.TMPJump to behavior
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeFile read: C:\Windows\win.iniJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeVirustotal: Detection: 61%
        Source: unknownProcess created: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe 'C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe 'C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe'
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess created: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe 'C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe' Jump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeFile written: C:\Windows\win.iniJump to behavior
        Source: Binary string: wntdll.pdbUGP source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2463291759.0000000020130000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe

        Data Obfuscation:

        barindex
        Detected unpacking (changes PE section rights)Show sources
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeUnpacked PE file: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeStatic PE information: real checksum: 0x7358c should be: 0x77cd5
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_00409E00 push cs; iretd 0_2_00409E13
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_0040463A push esi; iretd 0_2_0040463B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_0040A0A9 push ebp; retf 0_2_0040A0B8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_0040AAB0 push esp; iretd 0_2_0040AAB1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_004047D1 push es; retf 0_2_004047EA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_0040A3E9 push edi; iretd 0_2_0040A3EA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_00408FB8 push cs; ret 0_2_00408FBB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419A35 push eax; ret 2_2_00419A88
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419AEC push eax; ret 2_2_00419AF2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419A82 push eax; ret 2_2_00419A88
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00419A8B push eax; ret 2_2_00419AF2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00414D20 push ecx; iretd 2_2_00414D31
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_00413F50 push esi; iretd 2_2_00413F53
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201ADE2D push ecx; ret 2_2_201ADE40

        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion:

        barindex
        Tries to detect virtualization through RDTSC time measurementsShow sources
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeRDTSC instruction interceptor: First address: 0000000000407244 second address: 000000000040724A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeRDTSC instruction interceptor: First address: 00000000004074AE second address: 00000000004074B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_004073E0 rdtsc 2_2_004073E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: VirtualAllocEx,GetAdaptersInfo,VirtualAllocEx,CreateProcessW,VirtualProtectEx,TerminateProcess,WaitForDebugEvent,VirtualProtectEx,DebugActiveProcessStop,0_2_03FA04CE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeAPI coverage: 1.5 %
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess information queried: ProcessInformationJump to behavior

        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_004073E0 rdtsc 2_2_004073E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019A37A LdrInitializeThunk,2_2_2019A37A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA17F3 mov eax, dword ptr fs:[00000030h]0_2_03FA17F3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1379 mov eax, dword ptr fs:[00000030h]0_2_03FA1379
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1B46 mov eax, dword ptr fs:[00000030h]0_2_03FA1B46
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA0714 mov eax, dword ptr fs:[00000030h]0_2_03FA0714
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA22E2 mov eax, dword ptr fs:[00000030h]0_2_03FA22E2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1680 mov eax, dword ptr fs:[00000030h]0_2_03FA1680
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1A55 mov eax, dword ptr fs:[00000030h]0_2_03FA1A55
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 0_2_03FA1379 mov eax, dword ptr fs:[00000030h]0_2_03FA1379
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A01A mov eax, dword ptr fs:[00000030h]2_2_2016A01A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A01A mov eax, dword ptr fs:[00000030h]2_2_2016A01A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A01A mov eax, dword ptr fs:[00000030h]2_2_2016A01A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A01A mov eax, dword ptr fs:[00000030h]2_2_2016A01A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20174800 mov eax, dword ptr fs:[00000030h]2_2_20174800
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20174800 mov eax, dword ptr fs:[00000030h]2_2_20174800
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20174800 mov eax, dword ptr fs:[00000030h]2_2_20174800
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20174800 mov eax, dword ptr fs:[00000030h]2_2_20174800
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020F83F mov eax, dword ptr fs:[00000030h]2_2_2020F83F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20194030 mov eax, dword ptr fs:[00000030h]2_2_20194030
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211008 mov eax, dword ptr fs:[00000030h]2_2_20211008
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015383B mov eax, dword ptr fs:[00000030h]2_2_2015383B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015383B mov eax, dword ptr fs:[00000030h]2_2_2015383B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20157025 mov eax, dword ptr fs:[00000030h]2_2_20157025
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155020 mov eax, dword ptr fs:[00000030h]2_2_20155020
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155020 mov eax, dword ptr fs:[00000030h]2_2_20155020
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155020 mov eax, dword ptr fs:[00000030h]2_2_20155020
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180021 mov eax, dword ptr fs:[00000030h]2_2_20180021
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180021 mov eax, dword ptr fs:[00000030h]2_2_20180021
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180021 mov eax, dword ptr fs:[00000030h]2_2_20180021
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180021 mov eax, dword ptr fs:[00000030h]2_2_20180021
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20159050 mov eax, dword ptr fs:[00000030h]2_2_20159050
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F050 mov eax, dword ptr fs:[00000030h]2_2_2016F050
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F050 mov eax, dword ptr fs:[00000030h]2_2_2016F050
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018E845 mov eax, dword ptr fs:[00000030h]2_2_2018E845
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F076 mov eax, dword ptr fs:[00000030h]2_2_2017F076
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F076 mov eax, dword ptr fs:[00000030h]2_2_2017F076
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F076 mov eax, dword ptr fs:[00000030h]2_2_2017F076
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F076 mov eax, dword ptr fs:[00000030h]2_2_2017F076
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F076 mov eax, dword ptr fs:[00000030h]2_2_2017F076
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20172073 mov eax, dword ptr fs:[00000030h]2_2_20172073
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021A844 mov eax, dword ptr fs:[00000030h]2_2_2021A844
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021A844 mov eax, dword ptr fs:[00000030h]2_2_2021A844
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20182870 mov eax, dword ptr fs:[00000030h]2_2_20182870
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017E067 mov eax, dword ptr fs:[00000030h]2_2_2017E067
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017E067 mov eax, dword ptr fs:[00000030h]2_2_2017E067
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EF867 mov eax, dword ptr fs:[00000030h]2_2_201EF867
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202208A5 mov eax, dword ptr fs:[00000030h]2_2_202208A5
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202208A5 mov eax, dword ptr fs:[00000030h]2_2_202208A5
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202208A5 mov eax, dword ptr fs:[00000030h]2_2_202208A5
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201E2893 mov eax, dword ptr fs:[00000030h]2_2_201E2893
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202150B3 mov eax, dword ptr fs:[00000030h]2_2_202150B3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202150B3 mov eax, dword ptr fs:[00000030h]2_2_202150B3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201558BC mov eax, dword ptr fs:[00000030h]2_2_201558BC
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D40A7 mov eax, dword ptr fs:[00000030h]2_2_201D40A7
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201590D0 mov eax, dword ptr fs:[00000030h]2_2_201590D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201590D0 mov eax, dword ptr fs:[00000030h]2_2_201590D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201590D0 mov eax, dword ptr fs:[00000030h]2_2_201590D0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201848CB mov eax, dword ptr fs:[00000030h]2_2_201848CB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201848CB mov eax, dword ptr fs:[00000030h]2_2_201848CB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201848CB mov eax, dword ptr fs:[00000030h]2_2_201848CB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021B8F9 mov eax, dword ptr fs:[00000030h]2_2_2021B8F9
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021B8F9 mov eax, dword ptr fs:[00000030h]2_2_2021B8F9
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020F8C0 mov eax, dword ptr fs:[00000030h]2_2_2020F8C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EF8F0 mov eax, dword ptr fs:[00000030h]2_2_201EF8F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EF8F0 mov eax, dword ptr fs:[00000030h]2_2_201EF8F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202110CF mov eax, dword ptr fs:[00000030h]2_2_202110CF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201858EB mov eax, dword ptr fs:[00000030h]2_2_201858EB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201858EB mov eax, dword ptr fs:[00000030h]2_2_201858EB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017E0E8 mov eax, dword ptr fs:[00000030h]2_2_2017E0E8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20187110 mov eax, dword ptr fs:[00000030h]2_2_20187110
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20187110 mov eax, dword ptr fs:[00000030h]2_2_20187110
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20187110 mov eax, dword ptr fs:[00000030h]2_2_20187110
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016F11B mov eax, dword ptr fs:[00000030h]2_2_2016F11B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015B101 mov eax, dword ptr fs:[00000030h]2_2_2015B101
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015B101 mov eax, dword ptr fs:[00000030h]2_2_2015B101
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154101 mov eax, dword ptr fs:[00000030h]2_2_20154101
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154101 mov eax, dword ptr fs:[00000030h]2_2_20154101
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154101 mov eax, dword ptr fs:[00000030h]2_2_20154101
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018A93B mov eax, dword ptr fs:[00000030h]2_2_2018A93B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022010D mov eax, dword ptr fs:[00000030h]2_2_2022010D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022010D mov eax, dword ptr fs:[00000030h]2_2_2022010D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20153158 mov ecx, dword ptr fs:[00000030h]2_2_20153158
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018594B mov eax, dword ptr fs:[00000030h]2_2_2018594B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018214F mov eax, dword ptr fs:[00000030h]2_2_2018214F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015B171 mov eax, dword ptr fs:[00000030h]2_2_2015B171
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015B171 mov eax, dword ptr fs:[00000030h]2_2_2015B171
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015B171 mov eax, dword ptr fs:[00000030h]2_2_2015B171
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015397E mov eax, dword ptr fs:[00000030h]2_2_2015397E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015397E mov eax, dword ptr fs:[00000030h]2_2_2015397E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211151 mov eax, dword ptr fs:[00000030h]2_2_20211151
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015516E mov eax, dword ptr fs:[00000030h]2_2_2015516E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015516E mov ecx, dword ptr fs:[00000030h]2_2_2015516E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D7194 mov eax, dword ptr fs:[00000030h]2_2_201D7194
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D7194 mov eax, dword ptr fs:[00000030h]2_2_201D7194
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D7194 mov eax, dword ptr fs:[00000030h]2_2_201D7194
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201819B0 mov eax, dword ptr fs:[00000030h]2_2_201819B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015A9A6 mov eax, dword ptr fs:[00000030h]2_2_2015A9A6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015A9A6 mov eax, dword ptr fs:[00000030h]2_2_2015A9A6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201941D4 mov eax, dword ptr fs:[00000030h]2_2_201941D4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201941D4 mov eax, dword ptr fs:[00000030h]2_2_201941D4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201941D4 mov eax, dword ptr fs:[00000030h]2_2_201941D4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201869C0 mov ecx, dword ptr fs:[00000030h]2_2_201869C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201679F7 mov eax, dword ptr fs:[00000030h]2_2_201679F7
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202111D2 mov eax, dword ptr fs:[00000030h]2_2_202111D2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201551E0 mov eax, dword ptr fs:[00000030h]2_2_201551E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201551E0 mov ecx, dword ptr fs:[00000030h]2_2_201551E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201551E0 mov eax, dword ptr fs:[00000030h]2_2_201551E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201551E0 mov eax, dword ptr fs:[00000030h]2_2_201551E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20159210 mov eax, dword ptr fs:[00000030h]2_2_20159210
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20159210 mov eax, dword ptr fs:[00000030h]2_2_20159210
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20159210 mov eax, dword ptr fs:[00000030h]2_2_20159210
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20159210 mov eax, dword ptr fs:[00000030h]2_2_20159210
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D6A16 mov eax, dword ptr fs:[00000030h]2_2_201D6A16
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D6A16 mov eax, dword ptr fs:[00000030h]2_2_201D6A16
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D6A16 mov eax, dword ptr fs:[00000030h]2_2_201D6A16
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20153200 mov eax, dword ptr fs:[00000030h]2_2_20153200
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20158209 mov eax, dword ptr fs:[00000030h]2_2_20158209
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20158209 mov eax, dword ptr fs:[00000030h]2_2_20158209
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20158209 mov eax, dword ptr fs:[00000030h]2_2_20158209
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018523D mov eax, dword ptr fs:[00000030h]2_2_2018523D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20223A05 mov eax, dword ptr fs:[00000030h]2_2_20223A05
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20223A05 mov eax, dword ptr fs:[00000030h]2_2_20223A05
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022EA09 mov eax, dword ptr fs:[00000030h]2_2_2022EA09
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022EA09 mov eax, dword ptr fs:[00000030h]2_2_2022EA09
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184A5B mov eax, dword ptr fs:[00000030h]2_2_20184A5B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184A5B mov eax, dword ptr fs:[00000030h]2_2_20184A5B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211A71 mov eax, dword ptr fs:[00000030h]2_2_20211A71
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154A40 mov eax, dword ptr fs:[00000030h]2_2_20154A40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154A40 mov eax, dword ptr fs:[00000030h]2_2_20154A40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20220A74 mov eax, dword ptr fs:[00000030h]2_2_20220A74
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155275 mov eax, dword ptr fs:[00000030h]2_2_20155275
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155275 mov eax, dword ptr fs:[00000030h]2_2_20155275
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155275 mov eax, dword ptr fs:[00000030h]2_2_20155275
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155275 mov eax, dword ptr fs:[00000030h]2_2_20155275
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155275 mov eax, dword ptr fs:[00000030h]2_2_20155275
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211243 mov eax, dword ptr fs:[00000030h]2_2_20211243
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018EA6E mov eax, dword ptr fs:[00000030h]2_2_2018EA6E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018EA6E mov eax, dword ptr fs:[00000030h]2_2_2018EA6E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018EA6E mov eax, dword ptr fs:[00000030h]2_2_2018EA6E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155A90 mov eax, dword ptr fs:[00000030h]2_2_20155A90
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155A90 mov eax, dword ptr fs:[00000030h]2_2_20155A90
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20155A90 mov eax, dword ptr fs:[00000030h]2_2_20155A90
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018F289 mov eax, dword ptr fs:[00000030h]2_2_2018F289
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018328D mov eax, dword ptr fs:[00000030h]2_2_2018328D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018328D mov eax, dword ptr fs:[00000030h]2_2_2018328D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018328D mov eax, dword ptr fs:[00000030h]2_2_2018328D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D3284 mov eax, dword ptr fs:[00000030h]2_2_201D3284
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D3284 mov eax, dword ptr fs:[00000030h]2_2_201D3284
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B0 mov eax, dword ptr fs:[00000030h]2_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B0 mov eax, dword ptr fs:[00000030h]2_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B0 mov eax, dword ptr fs:[00000030h]2_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B0 mov eax, dword ptr fs:[00000030h]2_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201742B0 mov ecx, dword ptr fs:[00000030h]2_2_201742B0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20169AA0 mov eax, dword ptr fs:[00000030h]2_2_20169AA0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20169AA0 mov eax, dword ptr fs:[00000030h]2_2_20169AA0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017B2A0 mov eax, dword ptr fs:[00000030h]2_2_2017B2A0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20151AC0 mov eax, dword ptr fs:[00000030h]2_2_20151AC0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201822C3 mov eax, dword ptr fs:[00000030h]2_2_201822C3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201822C3 mov eax, dword ptr fs:[00000030h]2_2_201822C3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201822C3 mov eax, dword ptr fs:[00000030h]2_2_201822C3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov eax, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov ecx, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov eax, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov eax, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov eax, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EB2C0 mov eax, dword ptr fs:[00000030h]2_2_201EB2C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201512F4 mov eax, dword ptr fs:[00000030h]2_2_201512F4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202112CA mov eax, dword ptr fs:[00000030h]2_2_202112CA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018AB0C mov eax, dword ptr fs:[00000030h]2_2_2018AB0C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018AB0C mov eax, dword ptr fs:[00000030h]2_2_2018AB0C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015C330 mov eax, dword ptr fs:[00000030h]2_2_2015C330
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015C330 mov eax, dword ptr fs:[00000030h]2_2_2015C330
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015C330 mov eax, dword ptr fs:[00000030h]2_2_2015C330
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015E328 mov eax, dword ptr fs:[00000030h]2_2_2015E328
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015E328 mov eax, dword ptr fs:[00000030h]2_2_2015E328
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021E362 mov eax, dword ptr fs:[00000030h]2_2_2021E362
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20181356 mov eax, dword ptr fs:[00000030h]2_2_20181356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FB40 mov eax, dword ptr fs:[00000030h]2_2_2017FB40
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016E370 mov eax, dword ptr fs:[00000030h]2_2_2016E370
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016E370 mov eax, dword ptr fs:[00000030h]2_2_2016E370
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016E370 mov eax, dword ptr fs:[00000030h]2_2_2016E370
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211351 mov eax, dword ptr fs:[00000030h]2_2_20211351
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20228356 mov eax, dword ptr fs:[00000030h]2_2_20228356
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019536C mov eax, dword ptr fs:[00000030h]2_2_2019536C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2019536C mov eax, dword ptr fs:[00000030h]2_2_2019536C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20196399 mov eax, dword ptr fs:[00000030h]2_2_20196399
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20196399 mov eax, dword ptr fs:[00000030h]2_2_20196399
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20196399 mov eax, dword ptr fs:[00000030h]2_2_20196399
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202143A4 mov eax, dword ptr fs:[00000030h]2_2_202143A4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202143A4 mov eax, dword ptr fs:[00000030h]2_2_202143A4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202143A4 mov eax, dword ptr fs:[00000030h]2_2_202143A4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202143A4 mov eax, dword ptr fs:[00000030h]2_2_202143A4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B96 mov eax, dword ptr fs:[00000030h]2_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B96 mov eax, dword ptr fs:[00000030h]2_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B96 mov eax, dword ptr fs:[00000030h]2_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B96 mov eax, dword ptr fs:[00000030h]2_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184B96 mov eax, dword ptr fs:[00000030h]2_2_20184B96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154BB4 mov edi, dword ptr fs:[00000030h]2_2_20154BB4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4BBE mov eax, dword ptr fs:[00000030h]2_2_201D4BBE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4BBE mov eax, dword ptr fs:[00000030h]2_2_201D4BBE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4BBE mov eax, dword ptr fs:[00000030h]2_2_201D4BBE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4BBE mov eax, dword ptr fs:[00000030h]2_2_201D4BBE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018BBBC mov eax, dword ptr fs:[00000030h]2_2_2018BBBC
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20219B89 mov eax, dword ptr fs:[00000030h]2_2_20219B89
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20219B89 mov ecx, dword ptr fs:[00000030h]2_2_20219B89
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D63A6 mov eax, dword ptr fs:[00000030h]2_2_201D63A6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201E3BD8 mov eax, dword ptr fs:[00000030h]2_2_201E3BD8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov eax, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov eax, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov eax, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov ecx, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201863C2 mov eax, dword ptr fs:[00000030h]2_2_201863C2
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20199BC7 mov eax, dword ptr fs:[00000030h]2_2_20199BC7
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018ABFE mov eax, dword ptr fs:[00000030h]2_2_2018ABFE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018ABFE mov eax, dword ptr fs:[00000030h]2_2_2018ABFE
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015F3E0 mov eax, dword ptr fs:[00000030h]2_2_2015F3E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015F3E0 mov eax, dword ptr fs:[00000030h]2_2_2015F3E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015F3E0 mov eax, dword ptr fs:[00000030h]2_2_2015F3E0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202113D8 mov eax, dword ptr fs:[00000030h]2_2_202113D8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018341B mov eax, dword ptr fs:[00000030h]2_2_2018341B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018341B mov eax, dword ptr fs:[00000030h]2_2_2018341B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018341B mov eax, dword ptr fs:[00000030h]2_2_2018341B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171410 mov ecx, dword ptr fs:[00000030h]2_2_20171410
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20210C29 mov eax, dword ptr fs:[00000030h]2_2_20210C29
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC01 mov eax, dword ptr fs:[00000030h]2_2_2016EC01
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC01 mov eax, dword ptr fs:[00000030h]2_2_2016EC01
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC01 mov eax, dword ptr fs:[00000030h]2_2_2016EC01
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC01 mov eax, dword ptr fs:[00000030h]2_2_2016EC01
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20151C09 mov eax, dword ptr fs:[00000030h]2_2_20151C09
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201E3C38 mov eax, dword ptr fs:[00000030h]2_2_201E3C38
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180430 mov eax, dword ptr fs:[00000030h]2_2_20180430
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A423 mov eax, dword ptr fs:[00000030h]2_2_2016A423
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A423 mov eax, dword ptr fs:[00000030h]2_2_2016A423
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016A423 mov eax, dword ptr fs:[00000030h]2_2_2016A423
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021A416 mov eax, dword ptr fs:[00000030h]2_2_2021A416
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021A416 mov eax, dword ptr fs:[00000030h]2_2_2021A416
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F42B mov eax, dword ptr fs:[00000030h]2_2_2017F42B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020AC60 mov eax, dword ptr fs:[00000030h]2_2_2020AC60
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2020AC60 mov eax, dword ptr fs:[00000030h]2_2_2020AC60
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018245F mov eax, dword ptr fs:[00000030h]2_2_2018245F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201E3C47 mov eax, dword ptr fs:[00000030h]2_2_201E3C47
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC77 mov eax, dword ptr fs:[00000030h]2_2_2016EC77
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC77 mov eax, dword ptr fs:[00000030h]2_2_2016EC77
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC77 mov eax, dword ptr fs:[00000030h]2_2_2016EC77
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2016EC77 mov eax, dword ptr fs:[00000030h]2_2_2016EC77
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018547E mov eax, dword ptr fs:[00000030h]2_2_2018547E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20177C7D mov eax, dword ptr fs:[00000030h]2_2_20177C7D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20228452 mov eax, dword ptr fs:[00000030h]2_2_20228452
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021E455 mov eax, dword ptr fs:[00000030h]2_2_2021E455
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201DE460 mov eax, dword ptr fs:[00000030h]2_2_201DE460
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021145F mov eax, dword ptr fs:[00000030h]2_2_2021145F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov eax, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov eax, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov eax, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov ecx, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov eax, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161C8E mov eax, dword ptr fs:[00000030h]2_2_20161C8E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20167488 mov eax, dword ptr fs:[00000030h]2_2_20167488
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213490 mov eax, dword ptr fs:[00000030h]2_2_20213490
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201514A0 mov eax, dword ptr fs:[00000030h]2_2_201514A0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20210C9A mov eax, dword ptr fs:[00000030h]2_2_20210C9A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20154CD0 mov eax, dword ptr fs:[00000030h]2_2_20154CD0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161CDD mov eax, dword ptr fs:[00000030h]2_2_20161CDD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161CDD mov eax, dword ptr fs:[00000030h]2_2_20161CDD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20161CDD mov eax, dword ptr fs:[00000030h]2_2_20161CDD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202144EF mov eax, dword ptr fs:[00000030h]2_2_202144EF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017E4C6 mov eax, dword ptr fs:[00000030h]2_2_2017E4C6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017E4C6 mov eax, dword ptr fs:[00000030h]2_2_2017E4C6
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015ACC0 mov eax, dword ptr fs:[00000030h]2_2_2015ACC0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152CFB mov eax, dword ptr fs:[00000030h]2_2_20152CFB
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202284CD mov eax, dword ptr fs:[00000030h]2_2_202284CD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2022952E mov eax, dword ptr fs:[00000030h]2_2_2022952E
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201E3D10 mov eax, dword ptr fs:[00000030h]2_2_201E3D10
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171530 mov eax, dword ptr fs:[00000030h]2_2_20171530
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018E52F mov ecx, dword ptr fs:[00000030h]2_2_2018E52F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018E52F mov eax, dword ptr fs:[00000030h]2_2_2018E52F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018E52F mov eax, dword ptr fs:[00000030h]2_2_2018E52F
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20210D1B mov eax, dword ptr fs:[00000030h]2_2_20210D1B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018056B mov eax, dword ptr fs:[00000030h]2_2_2018056B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015356C mov eax, dword ptr fs:[00000030h]2_2_2015356C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015356C mov eax, dword ptr fs:[00000030h]2_2_2015356C
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F591 mov eax, dword ptr fs:[00000030h]2_2_2017F591
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F591 mov eax, dword ptr fs:[00000030h]2_2_2017F591
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017F591 mov eax, dword ptr fs:[00000030h]2_2_2017F591
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202115A8 mov eax, dword ptr fs:[00000030h]2_2_202115A8
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171D9D mov eax, dword ptr fs:[00000030h]2_2_20171D9D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171D9D mov eax, dword ptr fs:[00000030h]2_2_20171D9D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171D9D mov eax, dword ptr fs:[00000030h]2_2_20171D9D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171D9D mov eax, dword ptr fs:[00000030h]2_2_20171D9D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20171D9D mov eax, dword ptr fs:[00000030h]2_2_20171D9D
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FE58A mov ecx, dword ptr fs:[00000030h]2_2_201FE58A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FE58A mov eax, dword ptr fs:[00000030h]2_2_201FE58A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FE58A mov eax, dword ptr fs:[00000030h]2_2_201FE58A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201FE58A mov eax, dword ptr fs:[00000030h]2_2_201FE58A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20180584 mov eax, dword ptr fs:[00000030h]2_2_20180584
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2021E581 mov eax, dword ptr fs:[00000030h]2_2_2021E581
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201535B1 mov eax, dword ptr fs:[00000030h]2_2_201535B1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20210D8A mov eax, dword ptr fs:[00000030h]2_2_20210D8A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20228589 mov eax, dword ptr fs:[00000030h]2_2_20228589
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20199DAF mov eax, dword ptr fs:[00000030h]2_2_20199DAF
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20225595 mov eax, dword ptr fs:[00000030h]2_2_20225595
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152DAA mov eax, dword ptr fs:[00000030h]2_2_20152DAA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152DAA mov eax, dword ptr fs:[00000030h]2_2_20152DAA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152DAA mov eax, dword ptr fs:[00000030h]2_2_20152DAA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152DAA mov eax, dword ptr fs:[00000030h]2_2_20152DAA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20152DAA mov eax, dword ptr fs:[00000030h]2_2_20152DAA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20201DE3 mov ecx, dword ptr fs:[00000030h]2_2_20201DE3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20201DE3 mov ecx, dword ptr fs:[00000030h]2_2_20201DE3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20201DE3 mov eax, dword ptr fs:[00000030h]2_2_20201DE3
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202285EA mov eax, dword ptr fs:[00000030h]2_2_202285EA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201595C0 mov eax, dword ptr fs:[00000030h]2_2_201595C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201595C0 mov ecx, dword ptr fs:[00000030h]2_2_201595C0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4DCA mov eax, dword ptr fs:[00000030h]2_2_201D4DCA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D4DCA mov eax, dword ptr fs:[00000030h]2_2_201D4DCA
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20226DFD mov eax, dword ptr fs:[00000030h]2_2_20226DFD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20226DFD mov eax, dword ptr fs:[00000030h]2_2_20226DFD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20226DFD mov eax, dword ptr fs:[00000030h]2_2_20226DFD
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201875F0 mov eax, dword ptr fs:[00000030h]2_2_201875F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201875F0 mov eax, dword ptr fs:[00000030h]2_2_201875F0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20182DF0 mov eax, dword ptr fs:[00000030h]2_2_20182DF0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201515E1 mov eax, dword ptr fs:[00000030h]2_2_201515E1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166DE1 mov eax, dword ptr fs:[00000030h]2_2_20166DE1
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20182616 mov eax, dword ptr fs:[00000030h]2_2_20182616
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20172600 mov eax, dword ptr fs:[00000030h]2_2_20172600
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D660A mov eax, dword ptr fs:[00000030h]2_2_201D660A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D660A mov eax, dword ptr fs:[00000030h]2_2_201D660A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D660A mov eax, dword ptr fs:[00000030h]2_2_201D660A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201D660A mov eax, dword ptr fs:[00000030h]2_2_201D660A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015A60B mov eax, dword ptr fs:[00000030h]2_2_2015A60B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015A60B mov eax, dword ptr fs:[00000030h]2_2_2015A60B
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2017FE37 mov eax, dword ptr fs:[00000030h]2_2_2017FE37
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20211606 mov eax, dword ptr fs:[00000030h]2_2_20211606
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018CE34 mov eax, dword ptr fs:[00000030h]2_2_2018CE34
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018CE34 mov eax, dword ptr fs:[00000030h]2_2_2018CE34
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20151638 mov eax, dword ptr fs:[00000030h]2_2_20151638
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EBE30 mov eax, dword ptr fs:[00000030h]2_2_201EBE30
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201EBE30 mov eax, dword ptr fs:[00000030h]2_2_201EBE30
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015CE50 mov eax, dword ptr fs:[00000030h]2_2_2015CE50
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015E650 mov eax, dword ptr fs:[00000030h]2_2_2015E650
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018DE50 mov eax, dword ptr fs:[00000030h]2_2_2018DE50
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20195651 mov eax, dword ptr fs:[00000030h]2_2_20195651
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20195651 mov eax, dword ptr fs:[00000030h]2_2_20195651
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015CE70 mov ecx, dword ptr fs:[00000030h]2_2_2015CE70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20185E70 mov eax, dword ptr fs:[00000030h]2_2_20185E70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20185E70 mov eax, dword ptr fs:[00000030h]2_2_20185E70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20185E70 mov eax, dword ptr fs:[00000030h]2_2_20185E70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20185E70 mov eax, dword ptr fs:[00000030h]2_2_20185E70
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2018A675 mov eax, dword ptr fs:[00000030h]2_2_2018A675
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184E61 mov eax, dword ptr fs:[00000030h]2_2_20184E61
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184E61 mov eax, dword ptr fs:[00000030h]2_2_20184E61
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20184E61 mov eax, dword ptr fs:[00000030h]2_2_20184E61
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20193E9A mov eax, dword ptr fs:[00000030h]2_2_20193E9A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20193E9A mov eax, dword ptr fs:[00000030h]2_2_20193E9A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20193E9A mov eax, dword ptr fs:[00000030h]2_2_20193E9A
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_2015C692 mov eax, dword ptr fs:[00000030h]2_2_2015C692
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_202286A9 mov eax, dword ptr fs:[00000030h]2_2_202286A9
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20166682 mov eax, dword ptr fs:[00000030h]2_2_20166682
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_201866B4 mov eax, dword ptr fs:[00000030h]2_2_201866B4
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20153EA0 mov eax, dword ptr fs:[00000030h]2_2_20153EA0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20153EA0 mov eax, dword ptr fs:[00000030h]2_2_20153EA0
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213E96 mov eax, dword ptr fs:[00000030h]2_2_20213E96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213E96 mov eax, dword ptr fs:[00000030h]2_2_20213E96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213E96 mov eax, dword ptr fs:[00000030h]2_2_20213E96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeCode function: 2_2_20213E96 mov eax, dword ptr fs:[00000030h]2_2_20213E96
        Source: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exeProcess created: C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe 'C:\Users\user\Desktop\c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe' Jump to behavior

        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2460989354.0000000000C80000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2460989354.0000000000C80000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2460989354.0000000000C80000.00000002.00000001.sdmpBinary or memory string: hProgram ManagerWE
        Source: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe, 00000002.00000002.2460989354.0000000000C80000.00000002.00000001.sdmpBinary or memory string: Progmanlock

        Stealing of Sensitive Information:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPE
        Yara detected Generic DropperShow sources
        Source: Yara matchFile source: Process Memory Space: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe PID: 4136, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe PID: 924, type: MEMORY

        Remote Access Functionality:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000002.00000002.2460317856.0000000000401000.00000020.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.2462773750.0000000003E34000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 2.2.c0f5f94b8f695e7c5a4b6884ff1a122a2122ae1ed4e2a28a8c5470bbe957fa5a.exe.400000.0.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Remote ManagementWinlogon Helper DLLProcess Injection2Disabling Security Tools1Credential DumpingVirtualization/Sandbox Evasion1Application Deployment SoftwareData from Local SystemData Encrypted1Standard Cryptographic Protocol1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesSoftware Packing11Network SniffingProcess Discovery2Remote ServicesData from Removable MediaExfiltration Over Other Network MediumFallback ChannelsExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        External Remote ServicesWindows Management InstrumentationAccessibility FeaturesPath InterceptionVirtualization/Sandbox Evasion1Input CaptureSecurity Software Discovery12Windows Remote ManagementData from Network Shared DriveAutomated ExfiltrationCustom Cryptographic ProtocolExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Drive-by CompromiseScheduled TaskSystem FirmwareDLL Search Order HijackingProcess Injection2Credentials in FilesSystem Network Configuration Discovery1Logon ScriptsInput CaptureData EncryptedMultiband CommunicationSIM Card SwapPremium SMS Toll Fraud
        Exploit Public-Facing ApplicationCommand-Line InterfaceShortcut ModificationFile System Permissions WeaknessDeobfuscate/Decode Files or Information1Account ManipulationFile and Directory Discovery2Shared WebrootData StagedScheduled TransferStandard Cryptographic ProtocolManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Spearphishing LinkGraphical User InterfaceModify Existing ServiceNew ServiceObfuscated Files or Information3Brute ForceSystem Information Discovery11Third-party SoftwareScreen CaptureData Transfer Size LimitsCommonly Used PortJamming or Denial of ServiceAbuse Accessibility Features

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet