Analysis Report be3a9035-6de8-4bfd-8334-a96d1f49dcae

Overview

General Information

Sample Name: be3a9035-6de8-4bfd-8334-a96d1f49dcae (renamed file extension from none to exe)
Analysis ID: 299728
MD5: b6bf03088bb7b19dd5c1d03b7cffea67
SHA1: b7bebca34bb20bad51e318b26a3b2681a5808a73
SHA256: 9af22e5ba74585e7c17e97f0a4d3e2d4da158cb50ccd558fd5334980de26e109

Detection

FormBook
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x1ebe9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ecfc:$sqlite3step: 68 34 1C 7B E1
    • 0x1ec18:$sqlite3text: 68 38 2A 90 C5
    • 0x1ed3d:$sqlite3text: 68 38 2A 90 C5
    • 0x1ec2b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1ed53:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000003.337136322.0000000006149000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x1a7de:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x1b6e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x390b1:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x38d0d:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x391b3:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x394d7:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x15c22:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x39f18:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1adf3:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x4a6aa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x1be9:$sqlite3step: 68 34 1C 7B E1
    • 0x1cfc:$sqlite3step: 68 34 1C 7B E1
    • 0x1c18:$sqlite3text: 68 38 2A 90 C5
    • 0x1d3d:$sqlite3text: 68 38 2A 90 C5
    • 0x1c2b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1d53:$sqlite3blob: 68 53 D8 7F 8C

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x175f9:$sqlite3step: 68 34 1C 7B E1
          • 0x1770c:$sqlite3step: 68 34 1C 7B E1
          • 0x17628:$sqlite3text: 68 38 2A 90 C5
          • 0x1774d:$sqlite3text: 68 38 2A 90 C5
          • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
      14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Multi AV Scanner detection for submitted file
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, ReversingLabs: Detection: 34%
          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332288198.000000000620A000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.336682987.0000000006194000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.330752181.0000000006209000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332336257.000000000620D000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Joe Sandbox ML: detected
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 0_2_6DDA3499 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,0_2_6DDA3499
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 0_2_6DDA3470 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,LocalAlloc,CertFreeCertificateContext,CryptDecodeObject,CertFreeCertificateContext,CertFreeCertificateContext,0_2_6DDA3470
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 0_2_6DDA3670 CryptQueryObject,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalAlloc,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,0_2_6DDA3670
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 0_2_701E3670 CryptQueryObject,CryptMsgClose,0_2_701E3670
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 4x nop then pop esi, 14_2_004172CF
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000003.336188035.00000000065E7000.00000004.00000001.sdmp, String found in binary or memory: http://crl.micr
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://ocsp.thawte.com0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://s2.symcb.com0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://sv.symcb.com/sv.crl0a
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://sv.symcb.com/sv.crt0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://sv.symcd.com0&
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://ts-ocsp.ws.symantec.com07
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://www.symauth.com/cps0(
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: http://www.symauth.com/rpa00
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: https://d.symcb.com/cps0%
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, Fdf.dll.0.dr, String found in binary or memory: https://d.symcb.com/rpa0

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332288198.000000000620A000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.336682987.0000000006194000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.330752181.0000000006209000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000003.332336257.000000000620D000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.337136322.0000000006149000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.332288198.000000000620A000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.336682987.0000000006194000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.330752181.0000000006209000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.336767333.0000000006148000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000003.332336257.000000000620D000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          .NET source code contains very large array initializations
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, u0030pu002dhu00295u00263bsu003c1u003a6gfu002c84fu005e/u0030lu0040u007c2g6nu007d_1pvu002a8u00264emu003e59xu002bu002c3sau003c77ju003bmu002d.cs, Large array initialization: 9s/<3n0p;[2a6v:n&: array initializer size 220176
          Source: 0.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, u0030pu002dhu00295u00263bsu003c1u003a6gfu002c84fu005e/u0030lu0040u007c2g6nu007d_1pvu002a8u00264emu003e59xu002bu002c3sau003c77ju003bmu002d.cs, Large array initialization: 9s/<3n0p;[2a6v:n&: array initializer size 220176
          Source: 0.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, u0030pu002dhu00295u00263bsu003c1u003a6gfu002c84fu005e/u0030lu0040u007c2g6nu007d_1pvu002a8u00264emu003e59xu002bu002c3sau003c77ju003bmu002d.cs, Large array initialization: 9s/<3n0p;[2a6v:n&: array initializer size 220176
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.1.unpack, u0030pu002dhu00295u00263bsu003c1u003a6gfu002c84fu005e/u0030lu0040u007c2g6nu007d_1pvu002a8u00264emu003e59xu002bu002c3sau003c77ju003bmu002d.cs, Large array initialization: 9s/<3n0p;[2a6v:n&: array initializer size 220176
          Source: 14.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.0.unpack, u0030pu002dhu00295u00263bsu003c1u003a6gfu002c84fu005e/u0030lu0040u007c2g6nu007d_1pvu002a8u00264emu003e59xu002bu002c3sau003c77ju003bmu002d.cs, Large array initialization: 9s/<3n0p;[2a6v:n&: array initializer size 220176
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419D50 NtCreateFile,14_2_00419D50
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419E00 NtReadFile,14_2_00419E00
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419E80 NtClose,14_2_00419E80
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419F30 NtAllocateVirtualMemory,14_2_00419F30
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419D4B NtCreateFile,14_2_00419D4B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419DFA NtReadFile,14_2_00419DFA
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_00419E7A NtClose,14_2_00419E7A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_01609660
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016096E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_016096E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609860 NtQuerySystemInformation,LdrInitializeThunk,14_2_01609860
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_0160B040 NtSuspendThread,14_2_0160B040
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_0160A3B0 NtGetContextThread,14_2_0160A3B0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609560 NtWriteFile,14_2_01609560
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609540 NtReadFile,14_2_01609540
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609520 NtWaitForSingleObject,14_2_01609520
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016095F0 NtQueryInformationFile,14_2_016095F0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016095D0 NtClose,14_2_016095D0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609760 NtOpenProcess,14_2_01609760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609770 NtSetInformationFile,14_2_01609770
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_0160A770 NtOpenThread,14_2_0160A770
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609730 NtQueryVirtualMemory,14_2_01609730
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_0160A710 NtOpenProcessToken,14_2_0160A710
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609710 NtQueryInformationToken,14_2_01609710
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016097A0 NtUnmapViewOfSection,14_2_016097A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609780 NtMapViewOfSection,14_2_01609780
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609670 NtQueryInformationProcess,14_2_01609670
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609650 NtQueryValueKey,14_2_01609650
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609610 NtEnumerateValueKey,14_2_01609610
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016096D0 NtCreateKey,14_2_016096D0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609950 NtQueueApcThread,14_2_01609950
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609910 NtAdjustPrivilegesToken,14_2_01609910
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016099D0 NtCreateProcessEx,14_2_016099D0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016099A0 NtCreateSection,14_2_016099A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609840 NtDelayExecution,14_2_01609840
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609820 NtEnumerateKey,14_2_01609820
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016098F0 NtReadVirtualMemory,14_2_016098F0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_016098A0 NtWriteVirtualMemory,14_2_016098A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609B00 NtSetValueKey,14_2_01609B00
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609A50 NtCreateFile,14_2_01609A50
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609A20 NtResumeThread,14_2_01609A20
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609A00 NtProtectVirtualMemory,14_2_01609A00
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609A10 NtQuerySection,14_2_01609A10
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609A80 NtOpenDirectoryObject,14_2_01609A80
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_0160AD30 NtSetContextThread,14_2_0160AD30
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 14_2_01609FE0 NtCreateMutant,14_2_01609FE0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, Code function: 0_2_00D8E9C8 CreateProcessAsUserW,0_2_00D8E9C8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EAB4014_2_015EAB40
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0166CB4F14_2_0166CB4F
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01692B2814_2_01692B28
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FABD814_2_015FABD8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01618BE814_2_01618BE8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168DBD214_2_0168DBD2
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EEB9A14_2_015EEB9A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0166EB8A14_2_0166EB8A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FEBB014_2_015FEBB0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01685A4F14_2_01685A4F
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0167FA2B14_2_0167FA2B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684AEF14_2_01684AEF
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015E2D5014_2_015E2D50
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01691D5514_2_01691D55
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01692D0714_2_01692D07
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C0D2014_2_015C0D20
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01682D8214_2_01682D82
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168CC7714_2_0168CC77
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F4CD414_2_015F4CD4
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D4CEC14_2_015D4CEC
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01691FF114_2_01691FF1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CCFFF14_2_015CCFFF
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169DFCE14_2_0169DFCE
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0164AE6014_2_0164AE60
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: String function: 015CB150 appears 177 times
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: String function: 01655720 appears 84 times
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: String function: 0161D08C appears 55 times
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: String function: 00D82DA0 appears 62 times
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: String function: 01645510 appears 36 times
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.348228852.0000000005D10000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.348173041.0000000005CA0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamerunfileinmemoryLib.dllF vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.346507918.000000000393D000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamef.dll$ vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.349422157.000000006DDB9000.00000002.00020000.sdmpBinary or memory string: OriginalFilename vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000000.200548074.000000000046A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamerdfsdfg.exe8 vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.348267947.0000000005E20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 0000000E.00000002.337292804.0000000000C4A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamerdfsdfg.exe8 vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 0000000E.00000002.339549708.000000000184F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeBinary or memory string: OriginalFilenamerdfsdfg.exe8 vs be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: 00000000.00000003.330196057.00000000061FE000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.337136322.0000000006149000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000003.332548420.000000000621B000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.332288198.000000000620A000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.346599884.0000000003A0C000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.337124080.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.336682987.0000000006194000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.346644178.0000000003A57000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.330752181.0000000006209000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.336767333.0000000006148000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.346915708.0000000003AF2000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000003.332336257.000000000620D000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, u0036hu0026yu002849vu0025u005e2f5lu0040pu003a7u007c1n8m/mu00213u005e8h2fu0029wu00261u003f5b4.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, u0036hu0026yu002849vu0025u005e2f5lu0040pu003a7u007c1n8m/mu00213u005e8h2fu0029wu00261u003f5b4.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, u0036hu0026yu002849vu0025u005e2f5lu0040pu003a7u007c1n8m/mu00213u005e8h2fu0029wu00261u003f5b4.csCryptographic APIs: 'CreateDecryptor'
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.1.unpack, u0036hu0026yu002849vu0025u005e2f5lu0040pu003a7u007c1n8m/mu00213u005e8h2fu0029wu00261u003f5b4.csCryptographic APIs: 'CreateDecryptor'
          Source: 14.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.0.unpack, u0036hu0026yu002849vu0025u005e2f5lu0040pu003a7u007c1n8m/mu00213u005e8h2fu0029wu00261u003f5b4.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal84.troj.evad.winEXE@3/3@0/0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.logJump to behavior
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile created: C:\Users\user\AppData\Local\Temp\c7ebace9-d4f3-4576-b8fe-2fe996e42813Jump to behavior
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeReversingLabs: Detection: 34%
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile read: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe:Zone.IdentifierJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe 'C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeProcess created: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeJump to behavior
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: clrjit.pdb source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000003.328768729.00000000064F4000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 0000000E.00000002.337796981.00000000015A0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe
          Source: Binary string: C:\Dropbox\Dev\ag.v66\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, 00000000.00000002.349360860.000000006DDB3000.00000002.00020000.sdmp, Fdf.dll.0.dr

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe, su00299u00211j5vu0026xu007b3u002f8blu005e2u003c0v/eu002813gu005dlu002b60hu002diu003e97fu007dju003a5u007c4s8.cs.Net Code: .cctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, su00299u00211j5vu0026xu007b3u002f8blu005e2u003c0v/eu002813gu005dlu002b60hu002diu003e97fu007dju003a5u007c4s8.cs.Net Code: .cctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.3f0000.0.unpack, su00299u00211j5vu0026xu007b3u002f8blu005e2u003c0v/eu002813gu005dlu002b60hu002diu003e97fu007dju003a5u007c4s8.cs.Net Code: .cctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 14.2.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.1.unpack, su00299u00211j5vu0026xu007b3u002f8blu005e2u003c0v/eu002813gu005dlu002b60hu002diu003e97fu007dju003a5u007c4s8.cs.Net Code: .cctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 14.0.be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe.bd0000.0.unpack, su00299u00211j5vu0026xu007b3u002f8blu005e2u003c0v/eu002813gu005dlu002b60hu002diu003e97fu007dju003a5u007c4s8.cs.Net Code: .cctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_6DDAA090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree,0_2_6DDAA090
          Source: Fdf.dll.0.drStatic PE information: section name: .didat
          Source: Fdf.dll.0.drStatic PE information: section name: .00cfg
          Source: AgileDotNetRT.dll.0.drStatic PE information: section name: .didat
          Source: AgileDotNetRT.dll.0.drStatic PE information: section name: .00cfg
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00431046 push cs; ret 0_2_00431047
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042F644 push cs; ret 0_2_0042F645
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042EF4E push cs; ret 0_2_0042EF4F
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042E76A push cs; ret 0_2_0042E76B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00430570 push cs; ret 0_2_00430571
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042F276 push cs; ret 0_2_0042F277
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00431375 push cs; ret 0_2_00431376
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042DC00 push cs; ret 0_2_0042DC01
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00430916 push cs; ret 0_2_00430917
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042EB21 push cs; ret 0_2_0042EB22
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042FB24 pushad ; ret 0_2_0042FB2E
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0043172B push cs; ret 0_2_0043172C
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00430CC1 push cs; ret 0_2_00430CC2
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042FDC5 push cs; ret 0_2_0042FDC6
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00431ACF push cs; ret 0_2_00431AD0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042DEE0 push cs; ret 0_2_0042DEE1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042F8FB push ecx; iretd 0_2_0042F8FE
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042DFF8 push cs; ret 0_2_0042DFF9
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042F9FF push cs; ret 0_2_0042FA00
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00430190 push cs; ret 0_2_00430191
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042EEA6 push cs; ret 0_2_0042EEA7
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_0042E3A7 push cs; ret 0_2_0042E3A8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_004311BC push ecx; iretd 0_2_004311E9
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00D836EF push ss; retf 0_2_00D836FE
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 0_2_00D8BC99 push cs; retf 0_2_00D8BC9E
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_004078CB push eax; ret 14_2_004078D1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_00416940 push ebp; ret 14_2_00416949
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_00411B86 push ebp; iretd 14_2_00411B8C
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0041DC2B push esp; retf 14_2_0041DC2E
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_00417D36 push eax; iretd 14_2_00417D37
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0041CEF2 push eax; ret 14_2_0041CEF8
          Source: initial sampleStatic PE information: section name: .text entropy: 7.82434314311
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile created: C:\Users\user\AppData\Local\Temp\c7ebace9-d4f3-4576-b8fe-2fe996e42813\Fdf.dllJump to dropped file
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeFile created: C:\Users\user\AppData\Local\Temp\b35bc50e-fc56-4239-a7d0-bb79118b31c9\AgileDotNetRT.dllJump to dropped file
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 000000006DDA1D36 second address: 000000006DDA2A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [6DDB53C0h], eax 0x00000020 mov dword ptr [6DDB53C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FF2B0831FBBh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FF2B0831FF6h 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 000000006DDA2A97 second address: 000000006DDA2A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-08h], eax 0x00000005 mov dword ptr [ebp-04h], edx 0x00000008 mov eax, dword ptr [ebp-08h] 0x0000000b sub eax, dword ptr [ebp-14h] 0x0000000e mov ecx, dword ptr [ebp-04h] 0x00000011 sbb ecx, dword ptr [ebp-10h] 0x00000014 mov dword ptr [ebp-5Ch], eax 0x00000017 mov dword ptr [ebp-58h], ecx 0x0000001a mov edx, dword ptr [ebp-58h] 0x0000001d cmp edx, dword ptr [6DDB53C4h] 0x00000023 jl 00007FF2B0835645h 0x00000025 jnle 00007FF2B083567Dh 0x00000027 jmp 00007FF2B083561Dh 0x00000029 mov eax, dword ptr [ebp-0Ch] 0x0000002c add eax, 01h 0x0000002f mov dword ptr [ebp-0Ch], eax 0x00000032 mov eax, dword ptr [ebp-0Ch] 0x00000035 cmp eax, dword ptr [ebp+08h] 0x00000038 jnl 00007FF2B08356B6h 0x0000003a rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 00000000701E1D36 second address: 00000000701E2A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [701F53C0h], eax 0x00000020 mov dword ptr [701F53C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FF2B0831FBBh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FF2B0831FF6h 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 00000000701E2A97 second address: 00000000701E2A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-08h], eax 0x00000005 mov dword ptr [ebp-04h], edx 0x00000008 mov eax, dword ptr [ebp-08h] 0x0000000b sub eax, dword ptr [ebp-14h] 0x0000000e mov ecx, dword ptr [ebp-04h] 0x00000011 sbb ecx, dword ptr [ebp-10h] 0x00000014 mov dword ptr [ebp-5Ch], eax 0x00000017 mov dword ptr [ebp-58h], ecx 0x0000001a mov edx, dword ptr [ebp-58h] 0x0000001d cmp edx, dword ptr [701F53C4h] 0x00000023 jl 00007FF2B0835645h 0x00000025 jnle 00007FF2B083567Dh 0x00000027 jmp 00007FF2B083561Dh 0x00000029 mov eax, dword ptr [ebp-0Ch] 0x0000002c add eax, 01h 0x0000002f mov dword ptr [ebp-0Ch], eax 0x00000032 mov eax, dword ptr [ebp-0Ch] 0x00000035 cmp eax, dword ptr [ebp+08h] 0x00000038 jnl 00007FF2B08356B6h 0x0000003a rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Code function: 0_2_6DDA2A40 rdtsc
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Window / User API: threadDelayed 491
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe API coverage: 1.2 %
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 6640 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 6624 Thread sleep count: 196 > 30
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 6640 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 4700 Thread sleep count: 42 > 30
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 4700 Thread sleep count: 491 > 30
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe TID: 6612 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Code function: 0_2_6DDB0CF3 VirtualQuery,GetSystemInfo
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Code function: 14_2_01609660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Code function: 0_2_6DDAA090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exe Code function: 14_2_0164714D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C5210 mov eax, dword ptr fs:[00000030h]14_2_015C5210
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C5210 mov ecx, dword ptr fs:[00000030h]14_2_015C5210
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C5210 mov eax, dword ptr fs:[00000030h]14_2_015C5210
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C5210 mov eax, dword ptr fs:[00000030h]14_2_015C5210
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8239 mov eax, dword ptr fs:[00000030h]14_2_015C8239
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8239 mov eax, dword ptr fs:[00000030h]14_2_015C8239
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8239 mov eax, dword ptr fs:[00000030h]14_2_015C8239
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB236 mov eax, dword ptr fs:[00000030h]14_2_015EB236
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CB233 mov eax, dword ptr fs:[00000030h]14_2_015CB233
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CB233 mov eax, dword ptr fs:[00000030h]14_2_015CB233
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EA229 mov eax, dword ptr fs:[00000030h]14_2_015EA229
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B2E8 mov eax, dword ptr fs:[00000030h]14_2_0168B2E8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B2E8 mov eax, dword ptr fs:[00000030h]14_2_0168B2E8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B2E8 mov eax, dword ptr fs:[00000030h]14_2_0168B2E8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B2E8 mov eax, dword ptr fs:[00000030h]14_2_0168B2E8
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C12D4 mov eax, dword ptr fs:[00000030h]14_2_015C12D4
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FD294 mov eax, dword ptr fs:[00000030h]14_2_015FD294
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FD294 mov eax, dword ptr fs:[00000030h]14_2_015FD294
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F12BD mov esi, dword ptr fs:[00000030h]14_2_015F12BD
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F12BD mov eax, dword ptr fs:[00000030h]14_2_015F12BD
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F12BD mov eax, dword ptr fs:[00000030h]14_2_015F12BD
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168129A mov eax, dword ptr fs:[00000030h]14_2_0168129A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C52A5 mov eax, dword ptr fs:[00000030h]14_2_015C52A5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C52A5 mov eax, dword ptr fs:[00000030h]14_2_015C52A5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C52A5 mov eax, dword ptr fs:[00000030h]14_2_015C52A5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C52A5 mov eax, dword ptr fs:[00000030h]14_2_015C52A5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C52A5 mov eax, dword ptr fs:[00000030h]14_2_015C52A5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D62A0 mov eax, dword ptr fs:[00000030h]14_2_015D62A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D62A0 mov eax, dword ptr fs:[00000030h]14_2_015D62A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D62A0 mov eax, dword ptr fs:[00000030h]14_2_015D62A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D62A0 mov eax, dword ptr fs:[00000030h]14_2_015D62A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C354C mov eax, dword ptr fs:[00000030h]14_2_015C354C
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C354C mov eax, dword ptr fs:[00000030h]14_2_015C354C
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CB540 mov eax, dword ptr fs:[00000030h]14_2_015CB540
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CB540 mov eax, dword ptr fs:[00000030h]14_2_015CB540
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01643540 mov eax, dword ptr fs:[00000030h]14_2_01643540
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EC577 mov eax, dword ptr fs:[00000030h]14_2_015EC577
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EC577 mov eax, dword ptr fs:[00000030h]14_2_015EC577
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C751A mov eax, dword ptr fs:[00000030h]14_2_015C751A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C751A mov eax, dword ptr fs:[00000030h]14_2_015C751A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C751A mov eax, dword ptr fs:[00000030h]14_2_015C751A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C751A mov eax, dword ptr fs:[00000030h]14_2_015C751A
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C9515 mov ecx, dword ptr fs:[00000030h]14_2_015C9515
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168E539 mov eax, dword ptr fs:[00000030h]14_2_0168E539
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0164A537 mov eax, dword ptr fs:[00000030h]14_2_0164A537
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01683518 mov eax, dword ptr fs:[00000030h]14_2_01683518
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01683518 mov eax, dword ptr fs:[00000030h]14_2_01683518
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01683518 mov eax, dword ptr fs:[00000030h]14_2_01683518
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FF527 mov eax, dword ptr fs:[00000030h]14_2_015FF527
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FF527 mov eax, dword ptr fs:[00000030h]14_2_015FF527
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FF527 mov eax, dword ptr fs:[00000030h]14_2_015FF527
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C15C1 mov eax, dword ptr fs:[00000030h]14_2_015C15C1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C95F0 mov eax, dword ptr fs:[00000030h]14_2_015C95F0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C95F0 mov ecx, dword ptr fs:[00000030h]14_2_015C95F0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F95EC mov eax, dword ptr fs:[00000030h]14_2_015F95EC
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015DD5E0 mov eax, dword ptr fs:[00000030h]14_2_015DD5E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015DD5E0 mov eax, dword ptr fs:[00000030h]14_2_015DD5E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016905AC mov eax, dword ptr fs:[00000030h]14_2_016905AC
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016905AC mov eax, dword ptr fs:[00000030h]14_2_016905AC
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C3591 mov eax, dword ptr fs:[00000030h]14_2_015C3591
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F2581 mov eax, dword ptr fs:[00000030h]14_2_015F2581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F2581 mov eax, dword ptr fs:[00000030h]14_2_015F2581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F2581 mov eax, dword ptr fs:[00000030h]14_2_015F2581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F2581 mov eax, dword ptr fs:[00000030h]14_2_015F2581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B581 mov eax, dword ptr fs:[00000030h]14_2_0168B581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B581 mov eax, dword ptr fs:[00000030h]14_2_0168B581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B581 mov eax, dword ptr fs:[00000030h]14_2_0168B581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0168B581 mov eax, dword ptr fs:[00000030h]14_2_0168B581
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F35A1 mov eax, dword ptr fs:[00000030h]14_2_015F35A1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F65A0 mov eax, dword ptr fs:[00000030h]14_2_015F65A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F65A0 mov eax, dword ptr fs:[00000030h]14_2_015F65A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F65A0 mov eax, dword ptr fs:[00000030h]14_2_015F65A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C9450 mov eax, dword ptr fs:[00000030h]14_2_015C9450
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FA44B mov eax, dword ptr fs:[00000030h]14_2_015FA44B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB477 mov eax, dword ptr fs:[00000030h]14_2_015EB477
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015E746D mov eax, dword ptr fs:[00000030h]14_2_015E746D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0165C450 mov eax, dword ptr fs:[00000030h]14_2_0165C450
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0165C450 mov eax, dword ptr fs:[00000030h]14_2_0165C450
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01698450 mov eax, dword ptr fs:[00000030h]14_2_01698450
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8466 mov eax, dword ptr fs:[00000030h]14_2_015C8466
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8466 mov eax, dword ptr fs:[00000030h]14_2_015C8466
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8410 mov eax, dword ptr fs:[00000030h]14_2_015C8410
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169740D mov eax, dword ptr fs:[00000030h]14_2_0169740D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169740D mov eax, dword ptr fs:[00000030h]14_2_0169740D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169740D mov eax, dword ptr fs:[00000030h]14_2_0169740D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C4439 mov eax, dword ptr fs:[00000030h]14_2_015C4439
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015DB433 mov eax, dword ptr fs:[00000030h]14_2_015DB433
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015DB433 mov eax, dword ptr fs:[00000030h]14_2_015DB433
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015DB433 mov eax, dword ptr fs:[00000030h]14_2_015DB433
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015E2430 mov eax, dword ptr fs:[00000030h]14_2_015E2430
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015E2430 mov eax, dword ptr fs:[00000030h]14_2_015E2430
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016814FB mov eax, dword ptr fs:[00000030h]14_2_016814FB
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F84E0 mov eax, dword ptr fs:[00000030h]14_2_015F84E0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016534A0 mov eax, dword ptr fs:[00000030h]14_2_016534A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016534A0 mov eax, dword ptr fs:[00000030h]14_2_016534A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016534A0 mov eax, dword ptr fs:[00000030h]14_2_016534A0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D849B mov eax, dword ptr fs:[00000030h]14_2_015D849B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C649B mov eax, dword ptr fs:[00000030h]14_2_015C649B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C649B mov eax, dword ptr fs:[00000030h]14_2_015C649B
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016564B5 mov eax, dword ptr fs:[00000030h]14_2_016564B5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_016564B5 mov eax, dword ptr fs:[00000030h]14_2_016564B5
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C1480 mov eax, dword ptr fs:[00000030h]14_2_015C1480
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D34B1 mov eax, dword ptr fs:[00000030h]14_2_015D34B1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D34B1 mov eax, dword ptr fs:[00000030h]14_2_015D34B1
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FD4B0 mov eax, dword ptr fs:[00000030h]14_2_015FD4B0
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D14A9 mov eax, dword ptr fs:[00000030h]14_2_015D14A9
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015D14A9 mov ecx, dword ptr fs:[00000030h]14_2_015D14A9
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01684496 mov eax, dword ptr fs:[00000030h]14_2_01684496
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CE748 mov eax, dword ptr fs:[00000030h]14_2_015CE748
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CE748 mov eax, dword ptr fs:[00000030h]14_2_015CE748
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015CA745 mov eax, dword ptr fs:[00000030h]14_2_015CA745
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_01681751 mov eax, dword ptr fs:[00000030h]14_2_01681751
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov ecx, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C8760 mov eax, dword ptr fs:[00000030h]14_2_015C8760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EE760 mov eax, dword ptr fs:[00000030h]14_2_015EE760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EE760 mov eax, dword ptr fs:[00000030h]14_2_015EE760
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EF716 mov eax, dword ptr fs:[00000030h]14_2_015EF716
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FD715 mov eax, dword ptr fs:[00000030h]14_2_015FD715
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FD715 mov eax, dword ptr fs:[00000030h]14_2_015FD715
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015F4710 mov eax, dword ptr fs:[00000030h]14_2_015F4710
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FA70E mov eax, dword ptr fs:[00000030h]14_2_015FA70E
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FA70E mov eax, dword ptr fs:[00000030h]14_2_015FA70E
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FC707 mov eax, dword ptr fs:[00000030h]14_2_015FC707
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FC707 mov ecx, dword ptr fs:[00000030h]14_2_015FC707
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015FC707 mov eax, dword ptr fs:[00000030h]14_2_015FC707
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB73D mov eax, dword ptr fs:[00000030h]14_2_015EB73D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015EB73D mov eax, dword ptr fs:[00000030h]14_2_015EB73D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169070D mov eax, dword ptr fs:[00000030h]14_2_0169070D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_0169070D mov eax, dword ptr fs:[00000030h]14_2_0169070D
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C6730 mov eax, dword ptr fs:[00000030h]14_2_015C6730
          Source: C:\Users\user\Desktop\be3a9035-6de8-4bfd-8334-a96d1f49dcae.exeCode function: 14_2_015C6730 mov eax, dword ptr fs:[00000030h]14_2_015C6730