Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report MT103---USD42880.45---20201127--dbs--9900.exe

Overview

General Information

Sample Name:MT103---USD42880.45---20201127--dbs--9900.exe
Analysis ID:323965
MD5:d7545487bde794de42b3a655f3664c8d
SHA1:f4728d4c214b0282efc7d0779cd673d4b68e7da0
SHA256:4d39dfd975de3e9aca4e430390618b2e548db3f3d4bf2d0409f643be7da2a91e
Tags:exe

Most interesting Screenshot:

Detection

FormBook
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SMSW)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmpMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0xde8:$file: URL=
  • 0xdcc:$url_explicit: [InternetShortcut]
00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmpMethodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICODetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0xe14:$icon: IconFile=
  • 0xdcc:$url_explicit: [InternetShortcut]
00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    Click to see the 9 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
      1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18409:$sqlite3step: 68 34 1C 7B E1
      • 0x1851c:$sqlite3step: 68 34 1C 7B E1
      • 0x18438:$sqlite3text: 68 38 2A 90 C5
      • 0x1855d:$sqlite3text: 68 38 2A 90 C5
      • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
      0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        Click to see the 13 entries

        Sigma Overview

        No Sigma rule has matched

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Multi AV Scanner detection for submitted fileShow sources
        Source: MT103---USD42880.45---20201127--dbs--9900.exeVirustotal: Detection: 37%Perma Link
        Source: MT103---USD42880.45---20201127--dbs--9900.exeReversingLabs: Detection: 47%
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for sampleShow sources
        Source: MT103---USD42880.45---20201127--dbs--9900.exeJoe Sandbox ML: detected
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4c50000.8.unpackAvira: Label: TR/Hijacker.Gen
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpackAvira: Label: TR/Crypt.ZPACK.Gen
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 4x nop then mov eax, dword ptr [00460BCCh]0_3_02C7896C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 4x nop then mov eax, ecx0_3_02C78C98
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 4x nop then pop ebx1_2_00407AFB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 4x nop then pop edi1_2_0040E43D
        Source: Joe Sandbox ViewIP Address: 162.159.137.232 162.159.137.232
        Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
        Source: unknownDNS traffic detected: queries for: discord.com
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.disc8
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discorda
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attac
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachmen
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/78183
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169$
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/7818391691222
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/78183916912220570
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169122205709/781839
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169122205709/78183922049902
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169122205709/781839220499021834/Yipmyyy
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169122205709/781839220499021834x
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781839169122205709/7818392204d
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/7H
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/V
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714

        E-Banking Fraud:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419D60 NtCreateFile,1_2_00419D60
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419E10 NtReadFile,1_2_00419E10
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419E90 NtClose,1_2_00419E90
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419F40 NtAllocateVirtualMemory,1_2_00419F40
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419D5B NtCreateFile,1_2_00419D5B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419E0A NtReadFile,1_2_00419E0A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419E8B NtClose,1_2_00419E8B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419EBA NtClose,1_2_00419EBA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00419F3A NtAllocateVirtualMemory,1_2_00419F3A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B396E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00B396E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00B39660
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00B39860
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3B040 NtSuspendThread,1_2_00B3B040
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3A3B0 NtGetContextThread,1_2_00B3A3B0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B395F0 NtQueryInformationFile,1_2_00B395F0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B395D0 NtClose,1_2_00B395D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39520 NtWaitForSingleObject,1_2_00B39520
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39560 NtWriteFile,1_2_00B39560
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39540 NtReadFile,1_2_00B39540
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B396D0 NtCreateKey,1_2_00B396D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39610 NtEnumerateValueKey,1_2_00B39610
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39670 NtQueryInformationProcess,1_2_00B39670
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39650 NtQueryValueKey,1_2_00B39650
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B397A0 NtUnmapViewOfSection,1_2_00B397A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39780 NtMapViewOfSection,1_2_00B39780
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39730 NtQueryVirtualMemory,1_2_00B39730
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39710 NtQueryInformationToken,1_2_00B39710
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3A710 NtOpenProcessToken,1_2_00B3A710
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3A770 NtOpenThread,1_2_00B3A770
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39770 NtSetInformationFile,1_2_00B39770
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39760 NtOpenProcess,1_2_00B39760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B398A0 NtWriteVirtualMemory,1_2_00B398A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B398F0 NtReadVirtualMemory,1_2_00B398F0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39820 NtEnumerateKey,1_2_00B39820
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39840 NtDelayExecution,1_2_00B39840
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B399A0 NtCreateSection,1_2_00B399A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B399D0 NtCreateProcessEx,1_2_00B399D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39910 NtAdjustPrivilegesToken,1_2_00B39910
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39950 NtQueueApcThread,1_2_00B39950
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39A80 NtOpenDirectoryObject,1_2_00B39A80
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39A20 NtResumeThread,1_2_00B39A20
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39A10 NtQuerySection,1_2_00B39A10
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39A00 NtProtectVirtualMemory,1_2_00B39A00
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39A50 NtCreateFile,1_2_00B39A50
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39B00 NtSetValueKey,1_2_00B39B00
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3AD30 NtSetContextThread,1_2_00B3AD30
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B39FE0 NtCreateMutant,1_2_00B39FE0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_023140000_3_02314000
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_023144FE0_3_023144FE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02C6A4F40_3_02C6A4F4
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_004010301_2_00401030
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_0041E9721_2_0041E972
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_0041D3761_2_0041D376
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00402D891_2_00402D89
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00402D901_2_00402D90
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00409E401_2_00409E40
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00409E3B1_2_00409E3B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_0041CFA31_2_0041CFA3
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00402FB01_2_00402FB0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A01_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC20A81_2_00BC20A8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B0901_2_00B0B090
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB60F51_2_00BB60F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB10021_2_00BB1002
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0C1C01_2_00B0C1C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B141201_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC22AE1_2_00BC22AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC32A91_2_00BC32A9
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBE2C51_2_00BBE2C5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B2361_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AD225E1_2_00AD225E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AD33821_2_00AD3382
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2138B1_2_00B2138B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BA23E31_2_00BA23E3
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB03DA1_2_00BB03DA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB231B1_2_00BB231B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A3091_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AD337D1_2_00AD337D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B133601_2_00B13360
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AD94B81_2_00AD94B8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB44961_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B124301_2_00B12430
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0841F1_2_00B0841F
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B4771_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBD4661_2_00BBD466
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B265A01_2_00B265A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B225811_2_00B22581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0D5E01_2_00B0D5E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC25DD1_2_00BC25DD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C01_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBD6161_2_00BBD616
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B156001_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF96601_2_00AF9660
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB67E21_2_00BB67E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E01_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC28EC1_2_00BC28EC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A8301_2_00B1A830
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BCE8241_2_00BCE824
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF68001_2_00AF6800
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B199BF1_2_00B199BF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B129901_2_00B12990
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B019151_2_00B01915
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFF9001_2_00AFF900
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4AEF1_2_00BB4AEF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BAFA2B1_2_00BAFA2B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB5A4F1_2_00BB5A4F
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2EBB01_2_00B2EBB0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1EB9A1_2_00B1EB9A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B9EB8A1_2_00B9EB8A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B48BE81_2_00B48BE8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBDBD21_2_00BBDBD2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2ABD81_2_00B2ABD8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC2B281_2_00BC2B28
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1AB401_2_00B1AB40
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B9CB4F1_2_00B9CB4F
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B04CEC1_2_00B04CEC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B24CD41_2_00B24CD4
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBCC771_2_00BBCC77
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB2D821_2_00BB2D82
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF0D201_2_00AF0D20
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC2D071_2_00BC2D07
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B12D501_2_00B12D50
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC1D551_2_00BC1D55
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BA1EB61_2_00BA1EB6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC2EF71_2_00BC2EF7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B16E301_2_00B16E30
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B7AE601_2_00B7AE60
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC1FF11_2_00BC1FF1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BCDFCE1_2_00BCDFCE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: String function: 00B4D08C appears 55 times
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: String function: 00B85720 appears 85 times
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: String function: 00AFB150 appears 177 times
        Source: MT103---USD42880.45---20201127--dbs--9900.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
        Source: MT103---USD42880.45---20201127--dbs--9900.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213987933.0000000004BE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.212592770.0000000002500000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213608327.0000000002F60000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.214005915.0000000004C10000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dllj% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213601876.0000000002F50000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.214013653.0000000004C20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dll.muij% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000001.00000002.213736069.0000000000BEF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs MT103---USD42880.45---20201127--dbs--9900.exe
        Source: 00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
        Source: 00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmp, type: MEMORYMatched rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/ItsReallyNick/status/1176229087196696577, score = 27.09.2019
        Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: classification engineClassification label: mal84.troj.evad.winEXE@3/0@2/2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: MT103---USD42880.45---20201127--dbs--9900.exeVirustotal: Detection: 37%
        Source: MT103---USD42880.45---20201127--dbs--9900.exeReversingLabs: Detection: 47%
        Source: unknownProcess created: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe 'C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeProcess created: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeJump to behavior
        Source: MT103---USD42880.45---20201127--dbs--9900.exeStatic file information: File size 1289728 > 1048576
        Source: Binary string: wntdll.pdbUGP source: MT103---USD42880.45---20201127--dbs--9900.exe, 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: MT103---USD42880.45---20201127--dbs--9900.exe

        Data Obfuscation:

        barindex
        Detected unpacking (changes PE section rights)Show sources
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeUnpacked PE file: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239B338 push esi; retf 0_3_0239B33C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239943F push edi; ret 0_3_0239944C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C137 push esi; retf 0_3_0239C146
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D536 push esi; retf 0_3_0239D537
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02399C23 push ebx; ret 0_3_02399C39
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C724 push esi; retf 0_3_0239C819
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D61B push esi; retf 0_3_0239D621
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C81F push esi; retf 0_3_0239C822
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02399E14 push ebx; ret 0_3_02399E16
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D207 push esi; retf 0_3_0239D211
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D607 push esi; retf 0_3_0239D615
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239B178 push esi; retf 0_3_0239B1A8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239997C push ebx; ret 0_3_02399987
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239926C push esi; retf 0_3_02399272
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02399A6C push esi; retf 0_3_02399A70
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D153 push esi; retf 0_3_0239D201
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239D24E push esi; retf 0_3_0239D24F
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239A7B0 push esi; retf 0_3_0239A7D8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239B0B3 push esi; retf 0_3_0239B16C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C1A9 push esi; retf 0_3_0239C1EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239949D push ebx; ret 0_3_0239949F
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C49C push esi; retf 0_3_0239C4BC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239A392 push edi; iretd 0_3_0239A393
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239B287 push esi; retf 0_3_0239B288
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C2FC push esi; retf 0_3_0239C393
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02399EE9 push ebx; ret 0_3_02399EEB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C4EF push esi; retf 0_3_0239C4F1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239B5E4 push esi; retf 0_3_0239B5E5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C5D6 push esi; retf 0_3_0239C5FE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_0239C3C2 push esi; retf 0_3_0239C3CF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 0_3_02C62ADC push ecx; mov dword ptr [esp], edx0_3_02C62AE0

        Malware Analysis System Evasion:

        barindex
        Tries to detect virtualization through RDTSC time measurementsShow sources
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_004163C0 smsw ebx1_2_004163C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B396E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00B396E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F0BF mov ecx, dword ptr fs:[00000030h]1_2_00B2F0BF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F0BF mov eax, dword ptr fs:[00000030h]1_2_00B2F0BF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F0BF mov eax, dword ptr fs:[00000030h]1_2_00B2F0BF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B220A0 mov eax, dword ptr fs:[00000030h]1_2_00B220A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B390AF mov eax, dword ptr fs:[00000030h]1_2_00B390AF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9080 mov eax, dword ptr fs:[00000030h]1_2_00AF9080
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB080 mov eax, dword ptr fs:[00000030h]1_2_00AFB080
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF40E1 mov eax, dword ptr fs:[00000030h]1_2_00AF40E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF40E1 mov eax, dword ptr fs:[00000030h]1_2_00AF40E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF40E1 mov eax, dword ptr fs:[00000030h]1_2_00AF40E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB60F5 mov eax, dword ptr fs:[00000030h]1_2_00BB60F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB60F5 mov eax, dword ptr fs:[00000030h]1_2_00BB60F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB60F5 mov eax, dword ptr fs:[00000030h]1_2_00BB60F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB60F5 mov eax, dword ptr fs:[00000030h]1_2_00BB60F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF70C0 mov eax, dword ptr fs:[00000030h]1_2_00AF70C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF70C0 mov eax, dword ptr fs:[00000030h]1_2_00AF70C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB0C7 mov eax, dword ptr fs:[00000030h]1_2_00BBB0C7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB0C7 mov eax, dword ptr fs:[00000030h]1_2_00BBB0C7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B24020 mov edi, dword ptr fs:[00000030h]1_2_00B24020
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B02A mov eax, dword ptr fs:[00000030h]1_2_00B0B02A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B02A mov eax, dword ptr fs:[00000030h]1_2_00B0B02A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B02A mov eax, dword ptr fs:[00000030h]1_2_00B0B02A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B02A mov eax, dword ptr fs:[00000030h]1_2_00B0B02A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2002D mov eax, dword ptr fs:[00000030h]1_2_00B2002D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2002D mov eax, dword ptr fs:[00000030h]1_2_00B2002D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2002D mov eax, dword ptr fs:[00000030h]1_2_00B2002D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2002D mov eax, dword ptr fs:[00000030h]1_2_00B2002D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2002D mov eax, dword ptr fs:[00000030h]1_2_00B2002D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77016 mov eax, dword ptr fs:[00000030h]1_2_00B77016
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77016 mov eax, dword ptr fs:[00000030h]1_2_00B77016
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77016 mov eax, dword ptr fs:[00000030h]1_2_00B77016
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B83019 mov eax, dword ptr fs:[00000030h]1_2_00B83019
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC4015 mov eax, dword ptr fs:[00000030h]1_2_00BC4015
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC4015 mov eax, dword ptr fs:[00000030h]1_2_00BC4015
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2701D mov eax, dword ptr fs:[00000030h]1_2_00B2701D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB2073 mov eax, dword ptr fs:[00000030h]1_2_00BB2073
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC1074 mov eax, dword ptr fs:[00000030h]1_2_00BC1074
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B10050 mov eax, dword ptr fs:[00000030h]1_2_00B10050
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B10050 mov eax, dword ptr fs:[00000030h]1_2_00B10050
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF7057 mov eax, dword ptr fs:[00000030h]1_2_00AF7057
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5050 mov eax, dword ptr fs:[00000030h]1_2_00AF5050
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5050 mov eax, dword ptr fs:[00000030h]1_2_00AF5050
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5050 mov eax, dword ptr fs:[00000030h]1_2_00AF5050
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B751BE mov eax, dword ptr fs:[00000030h]1_2_00B751BE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B751BE mov eax, dword ptr fs:[00000030h]1_2_00B751BE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B751BE mov eax, dword ptr fs:[00000030h]1_2_00B751BE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B751BE mov eax, dword ptr fs:[00000030h]1_2_00B751BE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BCF1B5 mov eax, dword ptr fs:[00000030h]1_2_00BCF1B5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BCF1B5 mov eax, dword ptr fs:[00000030h]1_2_00BCF1B5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B261A0 mov eax, dword ptr fs:[00000030h]1_2_00B261A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B261A0 mov eax, dword ptr fs:[00000030h]1_2_00B261A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B061A7 mov eax, dword ptr fs:[00000030h]1_2_00B061A7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B061A7 mov eax, dword ptr fs:[00000030h]1_2_00B061A7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B061A7 mov eax, dword ptr fs:[00000030h]1_2_00B061A7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B061A7 mov eax, dword ptr fs:[00000030h]1_2_00B061A7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B24190 mov eax, dword ptr fs:[00000030h]1_2_00B24190
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF519E mov eax, dword ptr fs:[00000030h]1_2_00AF519E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF519E mov ecx, dword ptr fs:[00000030h]1_2_00AF519E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBA189 mov eax, dword ptr fs:[00000030h]1_2_00BBA189
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBA189 mov ecx, dword ptr fs:[00000030h]1_2_00BBA189
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1C182 mov eax, dword ptr fs:[00000030h]1_2_00B1C182
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A185 mov eax, dword ptr fs:[00000030h]1_2_00B2A185
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8190 mov ecx, dword ptr fs:[00000030h]1_2_00AF8190
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8D1F9 mov eax, dword ptr fs:[00000030h]1_2_00B8D1F9
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AFB1E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AFB1E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AFB1E1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF31E0 mov eax, dword ptr fs:[00000030h]1_2_00AF31E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B841E8 mov eax, dword ptr fs:[00000030h]1_2_00B841E8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1D1EF mov eax, dword ptr fs:[00000030h]1_2_00B1D1EF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov ecx, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov ecx, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB31DC mov eax, dword ptr fs:[00000030h]1_2_00BB31DC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0C1C0 mov eax, dword ptr fs:[00000030h]1_2_00B0C1C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2513A mov eax, dword ptr fs:[00000030h]1_2_00B2513A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2513A mov eax, dword ptr fs:[00000030h]1_2_00B2513A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14120 mov eax, dword ptr fs:[00000030h]1_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14120 mov eax, dword ptr fs:[00000030h]1_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14120 mov eax, dword ptr fs:[00000030h]1_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14120 mov eax, dword ptr fs:[00000030h]1_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14120 mov ecx, dword ptr fs:[00000030h]1_2_00B14120
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF3138 mov ecx, dword ptr fs:[00000030h]1_2_00AF3138
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9100 mov eax, dword ptr fs:[00000030h]1_2_00AF9100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9100 mov eax, dword ptr fs:[00000030h]1_2_00AF9100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9100 mov eax, dword ptr fs:[00000030h]1_2_00AF9100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B00100 mov eax, dword ptr fs:[00000030h]1_2_00B00100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B00100 mov eax, dword ptr fs:[00000030h]1_2_00B00100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B00100 mov eax, dword ptr fs:[00000030h]1_2_00B00100
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB171 mov eax, dword ptr fs:[00000030h]1_2_00AFB171
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB171 mov eax, dword ptr fs:[00000030h]1_2_00AFB171
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF52A5 mov eax, dword ptr fs:[00000030h]1_2_00AF52A5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF52A5 mov eax, dword ptr fs:[00000030h]1_2_00AF52A5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF52A5 mov eax, dword ptr fs:[00000030h]1_2_00AF52A5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF52A5 mov eax, dword ptr fs:[00000030h]1_2_00AF52A5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF52A5 mov eax, dword ptr fs:[00000030h]1_2_00AF52A5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B212BD mov esi, dword ptr fs:[00000030h]1_2_00B212BD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B212BD mov eax, dword ptr fs:[00000030h]1_2_00B212BD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B212BD mov eax, dword ptr fs:[00000030h]1_2_00B212BD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B062A0 mov eax, dword ptr fs:[00000030h]1_2_00B062A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B062A0 mov eax, dword ptr fs:[00000030h]1_2_00B062A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B062A0 mov eax, dword ptr fs:[00000030h]1_2_00B062A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B062A0 mov eax, dword ptr fs:[00000030h]1_2_00B062A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB129A mov eax, dword ptr fs:[00000030h]1_2_00BB129A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D294 mov eax, dword ptr fs:[00000030h]1_2_00B2D294
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D294 mov eax, dword ptr fs:[00000030h]1_2_00B2D294
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB2E8 mov eax, dword ptr fs:[00000030h]1_2_00BBB2E8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB2E8 mov eax, dword ptr fs:[00000030h]1_2_00BBB2E8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB2E8 mov eax, dword ptr fs:[00000030h]1_2_00BBB2E8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB2E8 mov eax, dword ptr fs:[00000030h]1_2_00BBB2E8
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF12D4 mov eax, dword ptr fs:[00000030h]1_2_00AF12D4
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B236 mov eax, dword ptr fs:[00000030h]1_2_00B1B236
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB1229 mov eax, dword ptr fs:[00000030h]1_2_00BB1229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8239 mov eax, dword ptr fs:[00000030h]1_2_00AF8239
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8239 mov eax, dword ptr fs:[00000030h]1_2_00AF8239
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8239 mov eax, dword ptr fs:[00000030h]1_2_00AF8239
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A229 mov eax, dword ptr fs:[00000030h]1_2_00B1A229
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB233 mov eax, dword ptr fs:[00000030h]1_2_00AFB233
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB233 mov eax, dword ptr fs:[00000030h]1_2_00AFB233
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5210 mov eax, dword ptr fs:[00000030h]1_2_00AF5210
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5210 mov ecx, dword ptr fs:[00000030h]1_2_00AF5210
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5210 mov eax, dword ptr fs:[00000030h]1_2_00AF5210
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF5210 mov eax, dword ptr fs:[00000030h]1_2_00AF5210
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B3927A mov eax, dword ptr fs:[00000030h]1_2_00B3927A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BAB260 mov eax, dword ptr fs:[00000030h]1_2_00BAB260
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BAB260 mov eax, dword ptr fs:[00000030h]1_2_00BAB260
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B84257 mov eax, dword ptr fs:[00000030h]1_2_00B84257
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9240 mov eax, dword ptr fs:[00000030h]1_2_00AF9240
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9240 mov eax, dword ptr fs:[00000030h]1_2_00AF9240
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9240 mov eax, dword ptr fs:[00000030h]1_2_00AF9240
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9240 mov eax, dword ptr fs:[00000030h]1_2_00AF9240
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2B390 mov eax, dword ptr fs:[00000030h]1_2_00B2B390
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B22397 mov eax, dword ptr fs:[00000030h]1_2_00B22397
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB138A mov eax, dword ptr fs:[00000030h]1_2_00BB138A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2138B mov eax, dword ptr fs:[00000030h]1_2_00B2138B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2138B mov eax, dword ptr fs:[00000030h]1_2_00B2138B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2138B mov eax, dword ptr fs:[00000030h]1_2_00B2138B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BAD380 mov ecx, dword ptr fs:[00000030h]1_2_00BAD380
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B203E2 mov eax, dword ptr fs:[00000030h]1_2_00B203E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BA23E3 mov ecx, dword ptr fs:[00000030h]1_2_00BA23E3
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BA23E3 mov ecx, dword ptr fs:[00000030h]1_2_00BA23E3
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BA23E3 mov eax, dword ptr fs:[00000030h]1_2_00BA23E3
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B253C5 mov eax, dword ptr fs:[00000030h]1_2_00B253C5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B753CA mov eax, dword ptr fs:[00000030h]1_2_00B753CA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B753CA mov eax, dword ptr fs:[00000030h]1_2_00B753CA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB131B mov eax, dword ptr fs:[00000030h]1_2_00BB131B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A309 mov eax, dword ptr fs:[00000030h]1_2_00B1A309
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0F370 mov eax, dword ptr fs:[00000030h]1_2_00B0F370
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0F370 mov eax, dword ptr fs:[00000030h]1_2_00B0F370
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0F370 mov eax, dword ptr fs:[00000030h]1_2_00B0F370
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B86365 mov eax, dword ptr fs:[00000030h]1_2_00B86365
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B86365 mov eax, dword ptr fs:[00000030h]1_2_00B86365
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B86365 mov eax, dword ptr fs:[00000030h]1_2_00B86365
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFF358 mov eax, dword ptr fs:[00000030h]1_2_00AFF358
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B034B1 mov eax, dword ptr fs:[00000030h]1_2_00B034B1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B034B1 mov eax, dword ptr fs:[00000030h]1_2_00B034B1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D4B0 mov eax, dword ptr fs:[00000030h]1_2_00B2D4B0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B864B5 mov eax, dword ptr fs:[00000030h]1_2_00B864B5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B864B5 mov eax, dword ptr fs:[00000030h]1_2_00B864B5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B834A0 mov eax, dword ptr fs:[00000030h]1_2_00B834A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B834A0 mov eax, dword ptr fs:[00000030h]1_2_00B834A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B834A0 mov eax, dword ptr fs:[00000030h]1_2_00B834A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B014A9 mov eax, dword ptr fs:[00000030h]1_2_00B014A9
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B014A9 mov ecx, dword ptr fs:[00000030h]1_2_00B014A9
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0849B mov eax, dword ptr fs:[00000030h]1_2_00B0849B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB4496 mov eax, dword ptr fs:[00000030h]1_2_00BB4496
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF1480 mov eax, dword ptr fs:[00000030h]1_2_00AF1480
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF649B mov eax, dword ptr fs:[00000030h]1_2_00AF649B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF649B mov eax, dword ptr fs:[00000030h]1_2_00AF649B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB14FB mov eax, dword ptr fs:[00000030h]1_2_00BB14FB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B284E0 mov eax, dword ptr fs:[00000030h]1_2_00B284E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B12430 mov eax, dword ptr fs:[00000030h]1_2_00B12430
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B12430 mov eax, dword ptr fs:[00000030h]1_2_00B12430
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B433 mov eax, dword ptr fs:[00000030h]1_2_00B0B433
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B433 mov eax, dword ptr fs:[00000030h]1_2_00B0B433
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B433 mov eax, dword ptr fs:[00000030h]1_2_00B0B433
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF4439 mov eax, dword ptr fs:[00000030h]1_2_00AF4439
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC740D mov eax, dword ptr fs:[00000030h]1_2_00BC740D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC740D mov eax, dword ptr fs:[00000030h]1_2_00BC740D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC740D mov eax, dword ptr fs:[00000030h]1_2_00BC740D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8410 mov eax, dword ptr fs:[00000030h]1_2_00AF8410
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B477 mov eax, dword ptr fs:[00000030h]1_2_00B1B477
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8466 mov eax, dword ptr fs:[00000030h]1_2_00AF8466
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8466 mov eax, dword ptr fs:[00000030h]1_2_00AF8466
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1746D mov eax, dword ptr fs:[00000030h]1_2_00B1746D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8C450 mov eax, dword ptr fs:[00000030h]1_2_00B8C450
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8C450 mov eax, dword ptr fs:[00000030h]1_2_00B8C450
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC8450 mov eax, dword ptr fs:[00000030h]1_2_00BC8450
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A44B mov eax, dword ptr fs:[00000030h]1_2_00B2A44B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9450 mov eax, dword ptr fs:[00000030h]1_2_00AF9450
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC05AC mov eax, dword ptr fs:[00000030h]1_2_00BC05AC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC05AC mov eax, dword ptr fs:[00000030h]1_2_00BC05AC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B265A0 mov eax, dword ptr fs:[00000030h]1_2_00B265A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B265A0 mov eax, dword ptr fs:[00000030h]1_2_00B265A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B265A0 mov eax, dword ptr fs:[00000030h]1_2_00B265A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B235A1 mov eax, dword ptr fs:[00000030h]1_2_00B235A1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B22581 mov eax, dword ptr fs:[00000030h]1_2_00B22581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B22581 mov eax, dword ptr fs:[00000030h]1_2_00B22581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B22581 mov eax, dword ptr fs:[00000030h]1_2_00B22581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B22581 mov eax, dword ptr fs:[00000030h]1_2_00B22581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB581 mov eax, dword ptr fs:[00000030h]1_2_00BBB581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB581 mov eax, dword ptr fs:[00000030h]1_2_00BBB581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB581 mov eax, dword ptr fs:[00000030h]1_2_00BBB581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBB581 mov eax, dword ptr fs:[00000030h]1_2_00BBB581
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF3591 mov eax, dword ptr fs:[00000030h]1_2_00AF3591
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0D5E0 mov eax, dword ptr fs:[00000030h]1_2_00B0D5E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0D5E0 mov eax, dword ptr fs:[00000030h]1_2_00B0D5E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B295EC mov eax, dword ptr fs:[00000030h]1_2_00B295EC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF95F0 mov eax, dword ptr fs:[00000030h]1_2_00AF95F0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF95F0 mov ecx, dword ptr fs:[00000030h]1_2_00AF95F0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF15C1 mov eax, dword ptr fs:[00000030h]1_2_00AF15C1
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B7A537 mov eax, dword ptr fs:[00000030h]1_2_00B7A537
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BBE539 mov eax, dword ptr fs:[00000030h]1_2_00BBE539
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F527 mov eax, dword ptr fs:[00000030h]1_2_00B2F527
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F527 mov eax, dword ptr fs:[00000030h]1_2_00B2F527
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2F527 mov eax, dword ptr fs:[00000030h]1_2_00B2F527
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB3518 mov eax, dword ptr fs:[00000030h]1_2_00BB3518
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB3518 mov eax, dword ptr fs:[00000030h]1_2_00BB3518
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB3518 mov eax, dword ptr fs:[00000030h]1_2_00BB3518
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF751A mov eax, dword ptr fs:[00000030h]1_2_00AF751A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF751A mov eax, dword ptr fs:[00000030h]1_2_00AF751A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF751A mov eax, dword ptr fs:[00000030h]1_2_00AF751A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF751A mov eax, dword ptr fs:[00000030h]1_2_00AF751A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF9515 mov ecx, dword ptr fs:[00000030h]1_2_00AF9515
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1C577 mov eax, dword ptr fs:[00000030h]1_2_00B1C577
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1C577 mov eax, dword ptr fs:[00000030h]1_2_00B1C577
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF354C mov eax, dword ptr fs:[00000030h]1_2_00AF354C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF354C mov eax, dword ptr fs:[00000030h]1_2_00AF354C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB540 mov eax, dword ptr fs:[00000030h]1_2_00AFB540
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFB540 mov eax, dword ptr fs:[00000030h]1_2_00AFB540
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B73540 mov eax, dword ptr fs:[00000030h]1_2_00B73540
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB56B6 mov eax, dword ptr fs:[00000030h]1_2_00BB56B6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB56B6 mov eax, dword ptr fs:[00000030h]1_2_00BB56B6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF86A0 mov eax, dword ptr fs:[00000030h]1_2_00AF86A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B746A7 mov eax, dword ptr fs:[00000030h]1_2_00B746A7
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B216E0 mov ecx, dword ptr fs:[00000030h]1_2_00B216E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B076E2 mov eax, dword ptr fs:[00000030h]1_2_00B076E2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov ecx, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B206C0 mov eax, dword ptr fs:[00000030h]1_2_00B206C0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B236CC mov eax, dword ptr fs:[00000030h]1_2_00B236CC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFE620 mov eax, dword ptr fs:[00000030h]1_2_00AFE620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2C63D mov eax, dword ptr fs:[00000030h]1_2_00B2C63D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B27620 mov eax, dword ptr fs:[00000030h]1_2_00B27620
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFA63B mov eax, dword ptr fs:[00000030h]1_2_00AFA63B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFA63B mov eax, dword ptr fs:[00000030h]1_2_00AFA63B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B75623 mov eax, dword ptr fs:[00000030h]1_2_00B75623
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B62E mov eax, dword ptr fs:[00000030h]1_2_00B0B62E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0B62E mov eax, dword ptr fs:[00000030h]1_2_00B0B62E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0161A mov eax, dword ptr fs:[00000030h]1_2_00B0161A
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A61C mov eax, dword ptr fs:[00000030h]1_2_00B2A61C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A61C mov eax, dword ptr fs:[00000030h]1_2_00B2A61C
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFC600 mov eax, dword ptr fs:[00000030h]1_2_00AFC600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFC600 mov eax, dword ptr fs:[00000030h]1_2_00AFC600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFC600 mov eax, dword ptr fs:[00000030h]1_2_00AFC600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov ecx, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov ecx, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov ecx, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov ecx, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B15600 mov eax, dword ptr fs:[00000030h]1_2_00B15600
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB1608 mov eax, dword ptr fs:[00000030h]1_2_00BB1608
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF1618 mov eax, dword ptr fs:[00000030h]1_2_00AF1618
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14670 mov eax, dword ptr fs:[00000030h]1_2_00B14670
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14670 mov eax, dword ptr fs:[00000030h]1_2_00B14670
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14670 mov eax, dword ptr fs:[00000030h]1_2_00B14670
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B14670 mov eax, dword ptr fs:[00000030h]1_2_00B14670
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B0766D mov eax, dword ptr fs:[00000030h]1_2_00B0766D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B86652 mov eax, dword ptr fs:[00000030h]1_2_00B86652
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B017B5 mov eax, dword ptr fs:[00000030h]1_2_00B017B5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77794 mov eax, dword ptr fs:[00000030h]1_2_00B77794
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77794 mov eax, dword ptr fs:[00000030h]1_2_00B77794
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B77794 mov eax, dword ptr fs:[00000030h]1_2_00B77794
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B08794 mov eax, dword ptr fs:[00000030h]1_2_00B08794
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B337F5 mov eax, dword ptr fs:[00000030h]1_2_00B337F5
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B237EB mov eax, dword ptr fs:[00000030h]1_2_00B237EB
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B197ED mov eax, dword ptr fs:[00000030h]1_2_00B197ED
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB17D2 mov eax, dword ptr fs:[00000030h]1_2_00BB17D2
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC87CF mov eax, dword ptr fs:[00000030h]1_2_00BC87CF
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D7CA mov eax, dword ptr fs:[00000030h]1_2_00B2D7CA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D7CA mov eax, dword ptr fs:[00000030h]1_2_00B2D7CA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2E730 mov eax, dword ptr fs:[00000030h]1_2_00B2E730
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B73D mov eax, dword ptr fs:[00000030h]1_2_00B1B73D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B73D mov eax, dword ptr fs:[00000030h]1_2_00B1B73D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6730 mov eax, dword ptr fs:[00000030h]1_2_00AF6730
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6730 mov eax, dword ptr fs:[00000030h]1_2_00AF6730
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6730 mov eax, dword ptr fs:[00000030h]1_2_00AF6730
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B24710 mov eax, dword ptr fs:[00000030h]1_2_00B24710
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1F716 mov eax, dword ptr fs:[00000030h]1_2_00B1F716
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D715 mov eax, dword ptr fs:[00000030h]1_2_00B2D715
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2D715 mov eax, dword ptr fs:[00000030h]1_2_00B2D715
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC070D mov eax, dword ptr fs:[00000030h]1_2_00BC070D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC070D mov eax, dword ptr fs:[00000030h]1_2_00BC070D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2C707 mov eax, dword ptr fs:[00000030h]1_2_00B2C707
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2C707 mov ecx, dword ptr fs:[00000030h]1_2_00B2C707
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2C707 mov eax, dword ptr fs:[00000030h]1_2_00B2C707
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A70E mov eax, dword ptr fs:[00000030h]1_2_00B2A70E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2A70E mov eax, dword ptr fs:[00000030h]1_2_00B2A70E
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov ecx, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF8760 mov eax, dword ptr fs:[00000030h]1_2_00AF8760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1E760 mov eax, dword ptr fs:[00000030h]1_2_00B1E760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1E760 mov eax, dword ptr fs:[00000030h]1_2_00B1E760
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB1751 mov eax, dword ptr fs:[00000030h]1_2_00BB1751
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AFA745 mov eax, dword ptr fs:[00000030h]1_2_00AFA745
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B278A0 mov eax, dword ptr fs:[00000030h]1_2_00B278A0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov eax, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov eax, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov eax, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov ecx, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov eax, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028AE mov eax, dword ptr fs:[00000030h]1_2_00B028AE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF3880 mov eax, dword ptr fs:[00000030h]1_2_00AF3880
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF3880 mov eax, dword ptr fs:[00000030h]1_2_00AF3880
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B73884 mov eax, dword ptr fs:[00000030h]1_2_00B73884
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B73884 mov eax, dword ptr fs:[00000030h]1_2_00B73884
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BC98FE mov eax, dword ptr fs:[00000030h]1_2_00BC98FE
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF58EC mov eax, dword ptr fs:[00000030h]1_2_00AF58EC
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028FD mov eax, dword ptr fs:[00000030h]1_2_00B028FD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028FD mov eax, dword ptr fs:[00000030h]1_2_00B028FD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B028FD mov eax, dword ptr fs:[00000030h]1_2_00B028FD
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF88E0 mov eax, dword ptr fs:[00000030h]1_2_00AF88E0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B8E4 mov eax, dword ptr fs:[00000030h]1_2_00B1B8E4
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1B8E4 mov eax, dword ptr fs:[00000030h]1_2_00B1B8E4
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B8B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B8B8D0
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB18CA mov eax, dword ptr fs:[00000030h]1_2_00BB18CA
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF78D6 mov eax, dword ptr fs:[00000030h]1_2_00AF78D6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF78D6 mov eax, dword ptr fs:[00000030h]1_2_00AF78D6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF78D6 mov ecx, dword ptr fs:[00000030h]1_2_00AF78D6
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A830 mov eax, dword ptr fs:[00000030h]1_2_00B1A830
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A830 mov eax, dword ptr fs:[00000030h]1_2_00B1A830
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A830 mov eax, dword ptr fs:[00000030h]1_2_00B1A830
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1A830 mov eax, dword ptr fs:[00000030h]1_2_00B1A830
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6800 mov eax, dword ptr fs:[00000030h]1_2_00AF6800
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6800 mov eax, dword ptr fs:[00000030h]1_2_00AF6800
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF6800 mov eax, dword ptr fs:[00000030h]1_2_00AF6800
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF381B mov eax, dword ptr fs:[00000030h]1_2_00AF381B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00AF381B mov eax, dword ptr fs:[00000030h]1_2_00AF381B
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B1F86D mov eax, dword ptr fs:[00000030h]1_2_00B1F86D
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00BB1843 mov eax, dword ptr fs:[00000030h]1_2_00BB1843
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeCode function: 1_2_00B2C9BF mov eax, dword ptr fs:[00000030h]1_2_00B2C9BF

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeMemory written: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeProcess created: C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exeJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection111Virtualization/Sandbox Evasion2OS Credential DumpingSecurity Software Discovery12Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection111LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsSystem Information Discovery11SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        MT103---USD42880.45---20201127--dbs--9900.exe37%VirustotalBrowse
        MT103---USD42880.45---20201127--dbs--9900.exe48%ReversingLabsWin32.Trojan.Strictor
        MT103---USD42880.45---20201127--dbs--9900.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        1.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
        0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4c50000.8.unpack100%AviraTR/Hijacker.GenDownload File
        0.2.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack100%AviraHEUR/AGEN.1108767Download File
        0.2.MT103---USD42880.45---20201127--dbs--9900.exe.4cc0000.9.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
        1.1.MT103---USD42880.45---20201127--dbs--9900.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
        0.2.MT103---USD42880.45---20201127--dbs--9900.exe.2590000.2.unpack100%AviraHEUR/AGEN.1108768Download File

        Domains

        SourceDetectionScannerLabelLink
        discord.com1%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        https://discord.com/V0%Avira URL Cloudsafe
        https://cdn.discorda0%Avira URL Cloudsafe
        https://discord.com/0%URL Reputationsafe
        https://discord.com/0%URL Reputationsafe
        https://discord.com/0%URL Reputationsafe
        https://discord.com/0%URL Reputationsafe
        https://cdn.disc80%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        discord.com
        		162.159.137.232
        		truefalseunknown
        cdn.discordapp.com
        		162.159.129.233
        		truefalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://cdn.discordapp.com/attachments/781839169122205709/781839220499021834/YipmyyyMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
            		high
            https://cdn.discordapp.com/attachments/7818391691222MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
              		high
              https://discord.com/VMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://cdn.discordaMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://cdn.discordapp.com/attachments/781839169122205709/78183922049902MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                		high
                https://cdn.discordapp.com/attacMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                  		high
                  https://cdn.discordapp.com/attachments/78183916912220570MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                    		high
                    https://cdn.discordapp.com/attachments/781839169122205709/7818392204dMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                      		high
                      https://cdn.discordapp.com/attachments/781839169122205709/781839MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                        		high
                        https://cdn.discordapp.com/attachments/7HMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                          		high
                          https://discord.com/MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://cdn.discordapp.com/attachments/78183MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                            		high
                            https://cdn.discordapp.com/attachmenMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                              		high
                              https://cdn.discordapp.com/attachments/781839169122205709/781839220499021834xMT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                                		high
                                https://cdn.discordapp.com/attachments/781839169$MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                                  		high
                                  https://cdn.disc8MT103---USD42880.45---20201127--dbs--9900.exe, 00000000.00000002.213462989.0000000002E50000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown

                                  Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public

                                  IPDomainCountryFlagASNASN NameMalicious
                                  162.159.137.232
                                  		unknownUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  162.159.129.233
                                  		unknownUnited States
                                  		13335CLOUDFLARENETUSfalse

                                  General Information

                                  Joe Sandbox Version:31.0.0 Red Diamond
                                  Analysis ID:323965
                                  Start date:28.11.2020
                                  Start time:00:04:55
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 5m 13s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:MT103---USD42880.45---20201127--dbs--9900.exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:2
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal84.troj.evad.winEXE@3/0@2/2
                                  EGA Information:Failed
                                  HDC Information:
                                  • Successful, ratio: 35.2% (good quality ratio 34%)
                                  • Quality average: 71.9%
                                  • Quality standard deviation: 29.4%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 17
                                  • Number of non-executed functions: 228
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .exe
                                  • Stop behavior analysis, all processes terminated
                                  Warnings:
                                  Show All
                                  • Excluded IPs from analysis (whitelisted): 13.64.90.137, 168.61.161.212
                                  • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, watson.telemetry.microsoft.com
                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  00:05:44API Interceptor2x Sleep call for process: MT103---USD42880.45---20201127--dbs--9900.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  162.159.137.232RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                    Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                      Q21rQw2C4o.exeGet hashmaliciousBrowse
                                        tzjEwwwbqK.exeGet hashmaliciousBrowse
                                          oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                            NyUnwsFSCa.exeGet hashmaliciousBrowse
                                              PO#0007507_009389283882873PDF.exeGet hashmaliciousBrowse
                                                LAX28102020HBL_AMSLAX1056_CTLQD06J0BL_PO_DTH266278_RFQ.exeGet hashmaliciousBrowse
                                                  8fJPaTfN8D.exeGet hashmaliciousBrowse
                                                    LJLMG5Syza.exeGet hashmaliciousBrowse
                                                      oAkfKRTCvN.exeGet hashmaliciousBrowse
                                                        eybgvwBamW.exeGet hashmaliciousBrowse
                                                          R#U00d6SLER Puchase_tcs 10-28-2020,pdf.exeGet hashmaliciousBrowse
                                                            #U8ba2#U5355#U786e#U8ba4,pdf.exeGet hashmaliciousBrowse
                                                              Documentos_ordine.exeGet hashmaliciousBrowse
                                                                ShipmentReceipt.exeGet hashmaliciousBrowse
                                                                  ShipmentReceipt.exeGet hashmaliciousBrowse
                                                                    PO102620.exeGet hashmaliciousBrowse
                                                                      Albawardi Group Project offer description 678467463756382020.exeGet hashmaliciousBrowse
                                                                        91HN20DCI100053,54,80.exeGet hashmaliciousBrowse
                                                                          162.159.129.233ENQ-015August 2020 R1 Proj LOT.docGet hashmaliciousBrowse
                                                                          • cdn.discordapp.com/attachments/722888184203051118/757862128198877274/Stub.jpg

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          discord.comcaw.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          lxpo.exeGet hashmaliciousBrowse
                                                                          • 162.159.128.233
                                                                          SpecificationX20202611.xlsxGet hashmaliciousBrowse
                                                                          • 162.159.136.232
                                                                          RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                          • 162.159.137.232
                                                                          Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                          • 162.159.137.232
                                                                          Piraeus Bank_swift_.exeGet hashmaliciousBrowse
                                                                          • 162.159.128.233
                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                          • 162.159.137.232
                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                          • 162.159.128.233
                                                                          tzjEwwwbqK.exeGet hashmaliciousBrowse
                                                                          • 162.159.136.232
                                                                          DHL_Express_Consignment_Details.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          New Microsoft Office Excel Worksheet.xlsxGet hashmaliciousBrowse
                                                                          • 162.159.136.232
                                                                          Komfkim_Signed_.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.232
                                                                          oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                                                          • 162.159.137.232
                                                                          USD67,884.08_Payment_Advise_9083008849.exeGet hashmaliciousBrowse
                                                                          • 162.159.136.232
                                                                          USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXEGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          NyUnwsFSCa.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.232
                                                                          Fl0aIIH39W.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          PO#0007507_009389283882873PDF.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.232
                                                                          9Pimjl3jyq.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          D6vy84I7rJ.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.232
                                                                          cdn.discordapp.comVessel details.docGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                          • 162.159.130.233
                                                                          Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          Piraeus Bank_swift_.exeGet hashmaliciousBrowse
                                                                          • 162.159.129.233
                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                          • 162.159.130.233
                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                          • 162.159.133.233
                                                                          tzjEwwwbqK.exeGet hashmaliciousBrowse
                                                                          • 162.159.130.233
                                                                          DHL_Express_Consignment_Details.exeGet hashmaliciousBrowse
                                                                          • 162.159.133.233
                                                                          New Microsoft Office Excel Worksheet.xlsxGet hashmaliciousBrowse
                                                                          • 162.159.129.233
                                                                          INV SF2910202.docGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          Komfkim_Signed_.exeGet hashmaliciousBrowse
                                                                          • 162.159.129.233
                                                                          oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                                                          • 162.159.130.233
                                                                          USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXEGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          NyUnwsFSCa.exeGet hashmaliciousBrowse
                                                                          • 162.159.133.233
                                                                          1099008FEDEX_090887766.xlsGet hashmaliciousBrowse
                                                                          • 162.159.129.233
                                                                          1099008FEDEX_090887766.xlsGet hashmaliciousBrowse
                                                                          • 162.159.134.233
                                                                          PO#0007507_009389283882873PDF.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          9Pimjl3jyq.exeGet hashmaliciousBrowse
                                                                          • 162.159.133.233
                                                                          D6vy84I7rJ.exeGet hashmaliciousBrowse
                                                                          • 162.159.135.233
                                                                          Payment copy.docGet hashmaliciousBrowse
                                                                          • 162.159.129.233

                                                                          ASN

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          CLOUDFLARENETUSnotif8372.xlsGet hashmaliciousBrowse
                                                                          • 104.24.117.11
                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                          • 172.67.222.45
                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.226
                                                                          2020-11-27-ZLoader-DLL-example-01.dllGet hashmaliciousBrowse
                                                                          • 172.67.155.205
                                                                          2020-11-27-ZLoader-DLL-example-02.dllGet hashmaliciousBrowse
                                                                          • 172.67.155.205
                                                                          2020-11-27-ZLoader-DLL-example-03.dllGet hashmaliciousBrowse
                                                                          • 104.27.143.240
                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                          • 104.31.86.226
                                                                          Final_report_2020.htmlGet hashmaliciousBrowse
                                                                          • 104.16.18.94
                                                                          norit.dllGet hashmaliciousBrowse
                                                                          • 104.31.69.174
                                                                          380000_USD_INV_011740_NOV_2020.jarGet hashmaliciousBrowse
                                                                          • 104.20.22.46
                                                                          380000_USD_INV_011740_NOV_2020.jarGet hashmaliciousBrowse
                                                                          • 104.20.23.46
                                                                          https://tinyurl.com/y9xs2oe6Get hashmaliciousBrowse
                                                                          • 104.20.138.65
                                                                          case.2522.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.113
                                                                          https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.comGet hashmaliciousBrowse
                                                                          • 104.27.129.197
                                                                          case.2522.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.113
                                                                          coinomi-1.20.0.apkGet hashmaliciousBrowse
                                                                          • 162.159.200.1
                                                                          Purchase Order.exeGet hashmaliciousBrowse
                                                                          • 172.67.143.180
                                                                          http://fonts.mafia-server.netGet hashmaliciousBrowse
                                                                          • 104.18.40.210
                                                                          caw.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          Direct Deposit.xlsxGet hashmaliciousBrowse
                                                                          • 104.16.19.94
                                                                          CLOUDFLARENETUSnotif8372.xlsGet hashmaliciousBrowse
                                                                          • 104.24.117.11
                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                          • 172.67.222.45
                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.226
                                                                          2020-11-27-ZLoader-DLL-example-01.dllGet hashmaliciousBrowse
                                                                          • 172.67.155.205
                                                                          2020-11-27-ZLoader-DLL-example-02.dllGet hashmaliciousBrowse
                                                                          • 172.67.155.205
                                                                          2020-11-27-ZLoader-DLL-example-03.dllGet hashmaliciousBrowse
                                                                          • 104.27.143.240
                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                          • 104.31.86.226
                                                                          Final_report_2020.htmlGet hashmaliciousBrowse
                                                                          • 104.16.18.94
                                                                          norit.dllGet hashmaliciousBrowse
                                                                          • 104.31.69.174
                                                                          380000_USD_INV_011740_NOV_2020.jarGet hashmaliciousBrowse
                                                                          • 104.20.22.46
                                                                          380000_USD_INV_011740_NOV_2020.jarGet hashmaliciousBrowse
                                                                          • 104.20.23.46
                                                                          https://tinyurl.com/y9xs2oe6Get hashmaliciousBrowse
                                                                          • 104.20.138.65
                                                                          case.2522.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.113
                                                                          https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.comGet hashmaliciousBrowse
                                                                          • 104.27.129.197
                                                                          case.2522.xlsGet hashmaliciousBrowse
                                                                          • 104.31.87.113
                                                                          coinomi-1.20.0.apkGet hashmaliciousBrowse
                                                                          • 162.159.200.1
                                                                          Purchase Order.exeGet hashmaliciousBrowse
                                                                          • 172.67.143.180
                                                                          http://fonts.mafia-server.netGet hashmaliciousBrowse
                                                                          • 104.18.40.210
                                                                          caw.exeGet hashmaliciousBrowse
                                                                          • 162.159.138.232
                                                                          Direct Deposit.xlsxGet hashmaliciousBrowse
                                                                          • 104.16.19.94

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          No created / dropped files found

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):7.171493979360729
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.24%
                                                                          • InstallShield setup (43055/19) 0.43%
                                                                          • Win32 Executable Delphi generic (14689/80) 0.15%
                                                                          • Windows Screen Saver (13104/52) 0.13%
                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                          File name:MT103---USD42880.45---20201127--dbs--9900.exe
                                                                          File size:1289728
                                                                          MD5:d7545487bde794de42b3a655f3664c8d
                                                                          SHA1:f4728d4c214b0282efc7d0779cd673d4b68e7da0
                                                                          SHA256:4d39dfd975de3e9aca4e430390618b2e548db3f3d4bf2d0409f643be7da2a91e
                                                                          SHA512:7d4d4ec5c0aaca0c51f1313769c74428a6615d6919392465ce10a357d81480dd4f80cc6c9c5d7b9d1e5dfe24ed5d6eb152e3e194d50ef81c2fd105768ea676af
                                                                          SSDEEP:24576:siLDfJXRq+fowpGG7By3Z72mwt8gKmX9hIbEIK:siLr5By3Z7NTgKA
                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                          File Icon

                                                                          Icon Hash:b2a8949ea686da6a

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x47d118
                                                                          Entrypoint Section:CODE
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                                                          DLL Characteristics:
                                                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:c7f986b767e22dea5696886cb4d7da70

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          add esp, FFFFFFF0h
                                                                          mov eax, 0047CE60h
                                                                          call 00007F2CF4BE5CB5h
                                                                          lea edx, dword ptr [ebx+eax]
                                                                          push 00000019h
                                                                          mov eax, dword ptr [004807A4h]
                                                                          mov eax, dword ptr [eax]
                                                                          call 00007F2CF4C3AE08h
                                                                          mov ecx, dword ptr [00480750h]
                                                                          mov eax, dword ptr [004807A4h]
                                                                          mov eax, dword ptr [eax]
                                                                          mov edx, dword ptr [0047C9ECh]
                                                                          call 00007F2CF4C3AE08h
                                                                          mov eax, dword ptr [00480750h]
                                                                          mov eax, dword ptr [eax]
                                                                          xor edx, edx
                                                                          call 00007F2CF4C3437Ah
                                                                          mov eax, dword ptr [004807A4h]
                                                                          mov eax, dword ptr [eax]
                                                                          mov byte ptr [eax+5Bh], 00000000h
                                                                          mov eax, dword ptr [004807A4h]
                                                                          mov eax, dword ptr [eax]
                                                                          call 00007F2CF4C3AE63h
                                                                          call 00007F2CF4BE37A6h
                                                                          nop
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x830000x22b0.idata
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x910000xb1400.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x880000x8138.reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x870000x18.rdata
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          CODE0x10000x7c17c0x7c200False0.522454053374data6.55138199518IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                          DATA0x7e0000x29540x2a00False0.412109375data4.92006813937IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                          BSS0x810000x114d0x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                          .idata0x830000x22b00x2400False0.355251736111data4.85312153514IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                          .tls0x860000x100x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                          .rdata0x870000x180x200False0.05078125data0.206920017787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                          .reloc0x880000x81380x8200False0.584435096154data6.65713214053IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                          .rsrc0x910000xb14000xb1400False0.549854273184data7.13542941406IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountry
                                                                          RT_CURSOR0x9217c0x134data
                                                                          RT_CURSOR0x922b00x134data
                                                                          RT_CURSOR0x923e40x134data
                                                                          RT_CURSOR0x925180x134data
                                                                          RT_CURSOR0x9264c0x134data
                                                                          RT_CURSOR0x927800x134data
                                                                          RT_CURSOR0x928b40x134data
                                                                          RT_BITMAP0x929e80x1d0data
                                                                          RT_BITMAP0x92bb80x1e4data
                                                                          RT_BITMAP0x92d9c0x1d0data
                                                                          RT_BITMAP0x92f6c0x1d0data
                                                                          RT_BITMAP0x9313c0x1d0data
                                                                          RT_BITMAP0x9330c0x1d0data
                                                                          RT_BITMAP0x934dc0x1d0data
                                                                          RT_BITMAP0x936ac0x1d0data
                                                                          RT_BITMAP0x9387c0x1d0data
                                                                          RT_BITMAP0x93a4c0x1d0data
                                                                          RT_BITMAP0x93c1c0x5cdata
                                                                          RT_BITMAP0x93c780x5cdata
                                                                          RT_BITMAP0x93cd40x5cdata
                                                                          RT_BITMAP0x93d300x5cdata
                                                                          RT_BITMAP0x93d8c0x5cdata
                                                                          RT_BITMAP0x93de80x138data
                                                                          RT_BITMAP0x93f200x138data
                                                                          RT_BITMAP0x940580x138data
                                                                          RT_BITMAP0x941900x138data
                                                                          RT_BITMAP0x942c80x138data
                                                                          RT_BITMAP0x944000x138data
                                                                          RT_BITMAP0x945380x104data
                                                                          RT_BITMAP0x9463c0x138data
                                                                          RT_BITMAP0x947740x104data
                                                                          RT_BITMAP0x948780x138data
                                                                          RT_BITMAP0x949b00xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                          RT_ICON0x94a980x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                          RT_ICON0x94f000x988dataEnglishUnited States
                                                                          RT_ICON0x958880x10a8dataEnglishUnited States
                                                                          RT_ICON0x969300x25a8dataEnglishUnited States
                                                                          RT_ICON0x98ed80x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 240, next used block 251658240EnglishUnited States
                                                                          RT_ICON0x9d1000x5488dataEnglishUnited States
                                                                          RT_ICON0xa25880x94a8dataEnglishUnited States
                                                                          RT_ICON0xaba300xa2a8dataEnglishUnited States
                                                                          RT_DIALOG0xb5cd80x52data
                                                                          RT_STRING0xb5d2c0x280data
                                                                          RT_STRING0xb5fac0x274data
                                                                          RT_STRING0xb62200x1ecdata
                                                                          RT_STRING0xb640c0x13cdata
                                                                          RT_STRING0xb65480x2c8data
                                                                          RT_STRING0xb68100xfcHitachi SH big-endian COFF object file, not stripped, 17664 sections, symbol offset=0x65007200, 83907328 symbols, optional header size 28672
                                                                          RT_STRING0xb690c0xf8data
                                                                          RT_STRING0xb6a040x128data
                                                                          RT_STRING0xb6b2c0x468data
                                                                          RT_STRING0xb6f940x37cdata
                                                                          RT_STRING0xb73100x39cdata
                                                                          RT_STRING0xb76ac0x3e8data
                                                                          RT_STRING0xb7a940xf4data
                                                                          RT_STRING0xb7b880xc4data
                                                                          RT_STRING0xb7c4c0x2c0data
                                                                          RT_STRING0xb7f0c0x478data
                                                                          RT_STRING0xb83840x3acdata
                                                                          RT_STRING0xb87300x2d4data
                                                                          RT_RCDATA0xb8a040x10data
                                                                          RT_RCDATA0xb8a140x398data
                                                                          RT_RCDATA0xb8dac0x494Delphi compiled form 'TLoginDialog'
                                                                          RT_RCDATA0xb92400x3c4Delphi compiled form 'TPasswordDialog'
                                                                          RT_RCDATA0xb96040x76f67GIF image data, version 89a, 577 x 188EnglishUnited States
                                                                          RT_RCDATA0x13056c0x11a42Delphi compiled form 'T__958758541'
                                                                          RT_GROUP_CURSOR0x141fb00x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x141fc40x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x141fd80x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x141fec0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x1420000x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x1420140x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_CURSOR0x1420280x14Lotus unknown worksheet or configuration, revision 0x1
                                                                          RT_GROUP_ICON0x14203c0x76dataEnglishUnited States
                                                                          RT_MANIFEST0x1420b40x2f0XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                          Imports

                                                                          DLLImport
                                                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                          kernel32.dlllstrcpyA, lstrcmpiA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                          gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetROP2, GetPolyFillMode, GetPixel, GetPaletteEntries, GetObjectA, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                          user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                          kernel32.dllSleep
                                                                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                          ole32.dllCoUninitialize, CoInitialize
                                                                          oleaut32.dllGetErrorInfo, SysFreeString
                                                                          comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls

                                                                          Possible Origin

                                                                          Language of compilation systemCountry where language is spokenMap
                                                                          EnglishUnited States

                                                                          Network Behavior

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Nov 28, 2020 00:05:45.428303957 CET49714443192.168.2.3162.159.137.232
                                                                          Nov 28, 2020 00:05:45.444849014 CET44349714162.159.137.232192.168.2.3
                                                                          Nov 28, 2020 00:05:45.445030928 CET49714443192.168.2.3162.159.137.232
                                                                          Nov 28, 2020 00:05:45.445923090 CET49714443192.168.2.3162.159.137.232
                                                                          Nov 28, 2020 00:05:45.462764978 CET44349714162.159.137.232192.168.2.3
                                                                          Nov 28, 2020 00:05:45.463264942 CET44349714162.159.137.232192.168.2.3
                                                                          Nov 28, 2020 00:05:45.463382006 CET49714443192.168.2.3162.159.137.232
                                                                          Nov 28, 2020 00:05:45.543860912 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.560765982 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.560965061 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.571419954 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.587831974 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.588376045 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.588417053 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.588447094 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.588498116 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.635109901 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.638703108 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.655452013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.655683994 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.697613955 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.738403082 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.754874945 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779589891 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779622078 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779649019 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779668093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779695034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779728889 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779758930 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779793978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779798985 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.779833078 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779869080 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779874086 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.779906034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779932022 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779958010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779980898 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.779988050 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780008078 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780036926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780064106 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780076981 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780091047 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780122995 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780143976 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780158997 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780190945 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780211926 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780216932 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780252934 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780287981 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780301094 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780327082 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780361891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780366898 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780411959 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780453920 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780462980 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780491114 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780518055 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780544043 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780555964 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780582905 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780599117 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780616045 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780647993 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780689001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780694008 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780728102 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780766964 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780797005 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780805111 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780843019 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780854940 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780883074 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780910015 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780915022 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780952930 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.780985117 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.780991077 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781028986 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781068087 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781068087 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781104088 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781109095 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781147003 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781188011 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781224966 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781229973 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781266928 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781301975 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781302929 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781332970 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781344891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781371117 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781428099 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.781575918 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781610012 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.781666040 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798289061 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798341990 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798382044 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798420906 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798434019 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798469067 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798511982 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798532963 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798543930 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798557997 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798582077 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798595905 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798607111 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798629999 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798650980 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798660994 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798677921 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798701048 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798702002 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798727036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798763990 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798767090 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798779011 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798788071 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798805952 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798830032 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798840046 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798851967 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798873901 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798896074 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798917055 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798933029 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.798937082 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798959970 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.798985004 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799007893 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799014091 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799038887 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799060106 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799081087 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799087048 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799103975 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799129009 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799149036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799150944 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799173117 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799199104 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799225092 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799232960 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799247026 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799272060 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799288034 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799295902 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799319983 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799341917 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799348116 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799365997 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799388885 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799412966 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799427986 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799441099 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799463987 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799474001 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799485922 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799509048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799527884 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.799544096 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.799609900 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816093922 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816124916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816149950 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816171885 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816227913 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816384077 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816426992 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816466093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816504955 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816540003 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816545010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816555977 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816587925 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816633940 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816642046 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816673994 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816729069 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816735983 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816750050 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816800117 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816806078 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816813946 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816842079 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816879988 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816900969 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.816925049 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816967010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.816977024 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817004919 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817032099 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817044020 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817071915 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817081928 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817082882 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817106009 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817147017 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817154884 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817182064 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817225933 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817250013 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817266941 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817307949 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817307949 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817347050 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817409039 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817451954 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817457914 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817493916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817517996 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817534924 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817564964 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817574024 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817612886 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817651987 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817679882 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817694902 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817734957 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817751884 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817770958 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817787886 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817811966 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817851067 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817889929 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817910910 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817929983 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.817950964 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.817969084 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818013906 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818042994 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.818052053 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818092108 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818129063 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818147898 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.818154097 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.818238974 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.832422018 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.832451105 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.832504034 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.834443092 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.834475040 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.834498882 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.834518909 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.834527969 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.834553957 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.834573030 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.834625006 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.834984064 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835012913 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835038900 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835062981 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835087061 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835098982 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835112095 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835139036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835144997 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835163116 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835185051 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835187912 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835226059 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835237026 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835253000 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835277081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835290909 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835299969 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835325003 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835354090 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835352898 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835378885 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835391998 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835397959 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835423946 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835443974 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835448027 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835472107 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835481882 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835498095 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835522890 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835527897 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835542917 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835566998 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835581064 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835592031 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835619926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835638046 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835644960 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835665941 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835689068 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835711956 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835722923 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835736036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835756063 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835762024 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835781097 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835783005 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835804939 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835818052 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835830927 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835855961 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835879087 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835885048 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835905075 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835916996 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835928917 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835953951 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.835967064 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.835979939 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836004019 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836004972 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836026907 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836050034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836061001 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836074114 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836096048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836118937 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836122990 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836142063 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836160898 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836169004 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836190939 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836203098 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836216927 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836240053 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836261988 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836266041 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836287975 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836302042 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836313963 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836338043 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836349010 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836365938 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836396933 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836405039 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836421013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836446047 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836462021 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836471081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836494923 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836498976 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836517096 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836544037 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836570978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836577892 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836595058 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836605072 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836617947 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836643934 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836667061 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836667061 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836688995 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836711884 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836720943 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836735964 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836757898 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836764097 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836790085 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836795092 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836815119 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836838961 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836863041 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836869955 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836885929 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836909056 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836911917 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836935997 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836951017 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.836961985 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836988926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.836996078 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837021112 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837044001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837054968 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837068081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837091923 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837105036 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837115049 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837141037 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837160110 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837167978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837203026 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837218046 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837230921 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837259054 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837269068 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837284088 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837306976 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837332010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837340117 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837356091 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837378025 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837378979 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837418079 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837419033 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837445974 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837466955 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837479115 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837491989 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837515116 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837531090 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837538004 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837563038 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837574005 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837585926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837611914 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837625980 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837636948 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837660074 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837671041 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837685108 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837707043 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837728977 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837738991 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837750912 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837765932 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837774992 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837795019 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837800980 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837821007 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837826967 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837852001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837857962 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837877035 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837902069 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837922096 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837925911 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837949991 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.837970972 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.837973118 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838000059 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838006020 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838027000 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838049889 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838073015 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838080883 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838097095 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838116884 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838119984 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838145971 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838155985 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838169098 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838195086 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838216066 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838229895 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838241100 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838254929 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838268042 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838293076 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838314056 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838332891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838335991 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838346004 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838360071 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838386059 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838388920 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838392973 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838411093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838433981 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838433981 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838457108 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838475943 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838495016 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838496923 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838517904 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838536978 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838537931 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838563919 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838576078 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838587999 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838608027 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838629007 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838639021 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838650942 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838668108 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838670969 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838691950 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838713884 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838716984 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838737011 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838749886 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838759899 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838781118 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838800907 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838820934 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838823080 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838840008 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838860035 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838871002 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838877916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838886976 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838896036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838916063 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838933945 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838934898 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838956118 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838970900 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838973999 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.838987112 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.838999987 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.839006901 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.839030981 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.839046955 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.839052916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.839073896 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.839086056 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.839093924 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.839121103 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.839154005 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.840137959 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.848886013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848912001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848925114 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848941088 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848963976 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848980904 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.848994017 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849005938 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849009037 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.849018097 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849033117 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849045992 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849221945 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.849708080 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849728107 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849744081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849761009 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849781036 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849796057 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.849797010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849814892 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849833012 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849854946 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849873066 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849884987 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849899054 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849905968 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.849910021 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.849980116 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.850089073 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907406092 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907465935 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907505989 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907553911 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907593966 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907596111 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907639027 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907679081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907708883 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907720089 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907757998 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907798052 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907804966 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907835960 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907864094 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907890081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907907009 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907912016 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907921076 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907938957 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907952070 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.907954931 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907977104 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907998085 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.907998085 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908024073 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908042908 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908049107 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908056021 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908065081 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908081055 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908087015 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908094883 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908113003 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908128977 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908143044 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908143997 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908159971 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908169985 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908178091 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908195972 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908204079 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908216953 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908217907 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908236027 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908252001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908267021 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908268929 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908287048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908299923 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908303022 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908319950 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908337116 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908337116 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908356905 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908375025 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908387899 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908390999 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908410072 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908411980 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908427954 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908444881 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908454895 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908462048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908476114 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908479929 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908500910 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908514023 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908519030 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908535957 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908551931 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908567905 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908582926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908588886 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908596039 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908596992 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908610106 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908626080 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908636093 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908643961 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908664942 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908670902 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908684015 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908699989 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908714056 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908716917 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908735037 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908750057 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908750057 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908766985 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908777952 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908783913 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908806086 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908823013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908842087 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908853054 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908859015 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908864021 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908875942 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908888102 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908891916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908909082 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908920050 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908926964 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908947945 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908951044 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908966064 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908982038 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.908993959 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.908998013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909013987 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909027100 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909029961 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909046888 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909049034 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909059048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909075975 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909085989 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909089088 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909112930 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909131050 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909147024 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909149885 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909164906 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909183025 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909198999 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909215927 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909233093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909251928 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909270048 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909286022 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909298897 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909301996 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909306049 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909311056 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909318924 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909321070 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909326077 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909336090 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909336090 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909353971 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909368992 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909377098 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909404039 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909406900 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909425020 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909442902 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909451962 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909460068 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909476995 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909492970 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909504890 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909508944 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909523010 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909534931 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909539938 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909558058 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909563065 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909574986 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909591913 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909591913 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909609079 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909625053 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909631968 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909646034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909646988 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909663916 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909678936 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909692049 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909696102 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909713030 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909728050 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909732103 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909744978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909759998 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909766912 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909780025 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909800053 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909810066 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909815073 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909832001 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909842014 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909847021 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909859896 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909862995 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909881115 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909895897 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909905910 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909914970 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909919024 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909933090 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909950018 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909965038 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.909977913 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.909997940 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910013914 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910024881 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910032988 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910051107 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910052061 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910072088 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910087109 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910092115 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910110950 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910115957 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910129070 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910145998 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910165071 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910173893 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910181046 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910198927 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910211086 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910219908 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910226107 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910238981 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910255909 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910268068 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910273075 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910291910 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910300016 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910309076 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910326004 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910341978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910356045 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910362959 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910382986 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910392046 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910401106 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910407066 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910418034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.910445929 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.910639048 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.911154032 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911166906 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911174059 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911191940 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911215067 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911222935 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.911231995 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911250114 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911262989 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.911267042 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911287069 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.911287069 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.911336899 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.911952972 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.915827990 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915849924 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915868044 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915885925 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915903091 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915921926 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915939093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915952921 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.915956020 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915966034 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.915971994 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.915973902 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.915997028 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916003942 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916016102 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916033983 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916035891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916047096 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916064978 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916085958 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916095018 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916110992 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916131020 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916134119 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916156054 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916157961 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916173935 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916189909 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916203976 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916214943 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916224003 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916225910 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916244984 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916263103 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916282892 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916295052 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916296959 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916320086 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916337013 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916353941 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916366100 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916373968 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916377068 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916394949 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916413069 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916429996 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916434050 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916446924 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916457891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916464090 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916480064 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916496038 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916498899 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916511059 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916512966 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916532993 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916551113 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916568041 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916567087 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916584969 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916589975 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916600943 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916618109 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916632891 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916640043 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916650057 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916661978 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916671991 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916691065 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916702986 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916707039 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916723967 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916738033 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916738033 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916771889 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916798115 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916821003 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916841030 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916848898 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916862011 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916883945 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916903973 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916913986 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916927099 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916949034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916949034 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916971922 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.916974068 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.916996002 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917017937 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917022943 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917042017 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917058945 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917081118 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917090893 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917108059 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917131901 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917133093 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917152882 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917160034 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917186022 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917207003 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917215109 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917229891 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917243958 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917264938 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917268038 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917287111 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917306900 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917320967 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917327881 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917349100 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917354107 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917371035 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917412996 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917416096 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917445898 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.917458057 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:45.917467117 CET44349715162.159.129.233192.168.2.3
                                                                          Nov 28, 2020 00:05:45.918338060 CET49715443192.168.2.3162.159.129.233
                                                                          Nov 28, 2020 00:05:49.113576889 CET49715443192.168.2.3162.159.129.233

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Nov 28, 2020 00:05:39.377357960 CET6418553192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:39.413207054 CET53641858.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:40.531349897 CET6511053192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:40.566946030 CET53651108.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:41.344980955 CET5836153192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:41.372140884 CET53583618.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:42.388803959 CET6349253192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:42.417777061 CET53634928.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:43.434027910 CET6083153192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:43.465171099 CET53608318.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:44.502682924 CET6010053192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:44.529831886 CET53601008.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:45.299616098 CET5319553192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:45.326739073 CET53531958.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:45.375690937 CET5014153192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:45.402848005 CET53501418.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:45.512635946 CET5302353192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:45.540005922 CET53530238.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:46.103368044 CET4956353192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:46.131063938 CET53495638.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:47.257292032 CET5135253192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:47.293032885 CET53513528.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:50.389448881 CET5934953192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:50.425154924 CET53593498.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:51.466330051 CET5708453192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:51.493590117 CET53570848.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:52.523111105 CET5882353192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:52.558619976 CET53588238.8.8.8192.168.2.3
                                                                          Nov 28, 2020 00:05:53.632405043 CET5756853192.168.2.38.8.8.8
                                                                          Nov 28, 2020 00:05:53.659518957 CET53575688.8.8.8192.168.2.3

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                          Nov 28, 2020 00:05:45.375690937 CET192.168.2.38.8.8.80x2d18Standard query (0)discord.comA (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.512635946 CET192.168.2.38.8.8.80xc863Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                          Nov 28, 2020 00:05:45.402848005 CET8.8.8.8192.168.2.30x2d18No error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.402848005 CET8.8.8.8192.168.2.30x2d18No error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.402848005 CET8.8.8.8192.168.2.30x2d18No error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.402848005 CET8.8.8.8192.168.2.30x2d18No error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.402848005 CET8.8.8.8192.168.2.30x2d18No error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.540005922 CET8.8.8.8192.168.2.30xc863No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.540005922 CET8.8.8.8192.168.2.30xc863No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.540005922 CET8.8.8.8192.168.2.30xc863No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.540005922 CET8.8.8.8192.168.2.30xc863No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                          Nov 28, 2020 00:05:45.540005922 CET8.8.8.8192.168.2.30xc863No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)

                                                                          HTTPS Packets

                                                                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                          Nov 28, 2020 00:05:45.588447094 CET162.159.129.233443192.168.2.349715CN=ssl711320.cloudflaressl.com CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Oct 27 01:00:00 CET 2020 Thu Sep 25 02:00:00 CEST 2014 Thu Jan 01 01:00:00 CET 2004Thu May 06 01:59:59 CEST 2021 Tue Sep 25 01:59:59 CEST 2029 Mon Jan 01 00:59:59 CET 2029
                                                                          CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Sep 25 02:00:00 CEST 2014Tue Sep 25 01:59:59 CEST 2029
                                                                          CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029

                                                                          Code Manipulations

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          Analysis Process: MT103---USD42880.45---20201127--dbs--9900.exe PID: 5504 Parent PID: 5516

                                                                          General

                                                                          Start time:00:05:43
                                                                          Start date:28/11/2020
                                                                          Path:C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe'
                                                                          Imagebase:0x400000
                                                                          File size:1289728 bytes
                                                                          MD5 hash:D7545487BDE794DE42B3A655F3664C8D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:Borland Delphi
                                                                          Yara matches:
                                                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                                                          • Rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO, Description: Detects possible shortcut usage for .URL persistence, Source: 00000000.00000002.214074450.0000000004C67000.00000020.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.214175689.0000000004CC0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.214642043.0000000005126000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: MT103---USD42880.45---20201127--dbs--9900.exe PID: 2416 Parent PID: 5504

                                                                          General

                                                                          Start time:00:05:46
                                                                          Start date:28/11/2020
                                                                          Path:C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\MT103---USD42880.45---20201127--dbs--9900.exe
                                                                          Imagebase:0x400000
                                                                          File size:1289728 bytes
                                                                          MD5 hash:D7545487BDE794DE42B3A655F3664C8D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.211862077.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Disassembly

                                                                          Code Analysis

                                                                          Reset < >

                                                                            Analysis Process: MT103---USD42880.45---20201127--dbs--9900.exe PID: 5504 Parent PID: 5516 MT103---USD42880.45---20201127--dbs--9900.exeCOMMON

                                                                            Executed Functions

                                                                            Non-executed Functions

                                                                            Function 02314000, Relevance: .6, Instructions: 575COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.205752607.0000000002314000.00000004.00000001.sdmp, Offset: 02314000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c7444d80bcc43bd3cbe0d67715fd3e86fb075a69aecf0a521b20d86ac1164daa
                                                                            • Instruction ID: 8eec3e80aec8386255ba7f266d4b06117b349b51486f6d3788797340bd1cd1f1
                                                                            • Opcode Fuzzy Hash: c7444d80bcc43bd3cbe0d67715fd3e86fb075a69aecf0a521b20d86ac1164daa
                                                                            • Instruction Fuzzy Hash: ED02466104E7C29FD7138B7498B6295BFB0AE0732471E19DBC0C1CF0A3E25D595ACB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02C6A4F4, Relevance: .4, Instructions: 405COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.206334602.0000000002C50000.00000004.00000001.sdmp, Offset: 02C50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 317939104f80abfdf5e30a90ff3889e37dbc05892a3eb9f56427ef7cb70f396b
                                                                            • Instruction ID: 5b1ca4af4883fc93a9871585a3329b11047f37887fc25a458f7b5d5b629c433f
                                                                            • Opcode Fuzzy Hash: 317939104f80abfdf5e30a90ff3889e37dbc05892a3eb9f56427ef7cb70f396b
                                                                            • Instruction Fuzzy Hash: 05E12734A006459FDB10DF69C9C8AAEB3F6FF88300B2586A5E945A7761CB34EE41DF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 023144FE, Relevance: .3, Instructions: 258COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.205752607.0000000002314000.00000004.00000001.sdmp, Offset: 02314000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5368590dd5eca2385c86811324ca497633822e1bae06f4fcc543b0aeb8d4ca4f
                                                                            • Instruction ID: 19a4be3ab5e37278f3f065568a34f81c4150f909ecffe30b8c7dc1b00a54f85d
                                                                            • Opcode Fuzzy Hash: 5368590dd5eca2385c86811324ca497633822e1bae06f4fcc543b0aeb8d4ca4f
                                                                            • Instruction Fuzzy Hash: 31618B6204E7D29FC7178B3888A5296BFB0EE5331470E45DBC1C0CF4A3E659984BCB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02C7896C, Relevance: .1, Instructions: 103COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.206334602.0000000002C50000.00000004.00000001.sdmp, Offset: 02C50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ce15b72c0ec80aa4f1425314821ecd01fa30d8155a94511a65b21c6b66bde3ca
                                                                            • Instruction ID: c2f81c6b9d665d22d17d91f897af8b1a073a6865252bc747db6288f9a8154788
                                                                            • Opcode Fuzzy Hash: ce15b72c0ec80aa4f1425314821ecd01fa30d8155a94511a65b21c6b66bde3ca
                                                                            • Instruction Fuzzy Hash: A321D570A04614DFCB10EFA8E98495EB7F9EB49714F2081B5E900B3360DB30AE05DF98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02C78C98, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.206334602.0000000002C50000.00000004.00000001.sdmp, Offset: 02C50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 49c2d5ca23b0060dbc721b8883c47d4682d1f6133cb6a91f5ad2fc3400271a14
                                                                            • Instruction ID: 107087111cce6480450dedb75c63bd8dbe0ad2ac4c5f6a884f97b9935556b593
                                                                            • Opcode Fuzzy Hash: 49c2d5ca23b0060dbc721b8883c47d4682d1f6133cb6a91f5ad2fc3400271a14
                                                                            • Instruction Fuzzy Hash: 76C09247F1AC0107FF288820CA6277E906387D36A1F19F67A8001F34C8D42CCA81100E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02C663A4, Relevance: 5.2, Strings: 4, Instructions: 187COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.206334602.0000000002C50000.00000004.00000001.sdmp, Offset: 02C50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ,$0ND$0ND$?
                                                                            • API String ID: 0-1964996382
                                                                            • Opcode ID: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                            • Instruction ID: 77e5de9969806fe6f6c8b691d3678914c63f7d8c8c4ad453467bf8ce3d77aae0
                                                                            • Opcode Fuzzy Hash: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                            • Instruction Fuzzy Hash: 8961F130A042509BEB10EF79DCC46BA7BFABF49300B144574E940E725AEB38E909DB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02CAD7BC, Relevance: 5.1, Strings: 4, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000003.206334602.0000000002C50000.00000004.00000001.sdmp, Offset: 02C50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: E$,E$8E$XE
                                                                            • API String ID: 0-3100681216
                                                                            • Opcode ID: 4847cf71b0e4e1d8b74baacff1e7673f89bbc534e493cb30b178788910f26731
                                                                            • Instruction ID: 97762ae319fbb37c9844c5961e8e6a618079861e3143718f1cc61d964ba19e52
                                                                            • Opcode Fuzzy Hash: 4847cf71b0e4e1d8b74baacff1e7673f89bbc534e493cb30b178788910f26731
                                                                            • Instruction Fuzzy Hash: 9C21E2343000C28BD318B7F8DE7162B7317EB81309B508576A5459FB66DEB9AC11AF9E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: MT103---USD42880.45---20201127--dbs--9900.exe PID: 2416 Parent PID: 5504 MT103---USD42880.45---20201127--dbs--9900.exeCOMMON

                                                                            Executed Functions

                                                                            Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39filenativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: BMA$BMA
                                                                            • API String ID: 2738559852-2163208940
                                                                            • Opcode ID: a90904d2f0fe5d7442ba9a7d6fbeb6fe8d94dc0783ee2c1d0c428ee05d50dc8a
                                                                            • Instruction ID: 5d1017a6b7a3f61ef929f560f457a09aa62f35b7b00cd7c856d57ee8ac8acfe5
                                                                            • Opcode Fuzzy Hash: a90904d2f0fe5d7442ba9a7d6fbeb6fe8d94dc0783ee2c1d0c428ee05d50dc8a
                                                                            • Instruction Fuzzy Hash: 80F0E2B2200108AFCB14CF99CC81EEB77A9EF8C754F168659BE0DA7241D630E8518BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 37%
                                                                            			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t13, _t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                            0x00419e13
                                                                            0x00419e1f
                                                                            0x00419e27
                                                                            0x00419e32
                                                                            0x00419e4d
                                                                            0x00419e55
                                                                            0x00419e59

                                                                            APIs
                                                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: BMA$BMA
                                                                            • API String ID: 2738559852-2163208940
                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419EBA, Relevance: 1.5, APIs: 1, Instructions: 42nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 93c7da9e8481e9573365020c2d93cea0b49ab82337b8f6c19a48f08dbd78052e
                                                                            • Instruction ID: 8726f5cabe7bef5ba8b55a1fca51c60bb304094a4436e90cccc4b1a11e54bdf7
                                                                            • Opcode Fuzzy Hash: 93c7da9e8481e9573365020c2d93cea0b49ab82337b8f6c19a48f08dbd78052e
                                                                            • Instruction Fuzzy Hash: FCF01DB62002086BCB14DF89DC41DE777ADEF88654F018559FA0DA7241D535E9618BF4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419D5B, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00419D5B(void* __eax, void* __edi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t24;

				gs =  *((intOrPtr*)(__edi - 0x1374aaed));
				_t18 = _a4;
				_t4 = _t18 + 0xc40; // 0xc40
				E0041A960(_a4, __edi, _a4, _t4,  *((intOrPtr*)(_t18 + 0x10)), 0, 0x28);
				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t24;
			}




                                                                            0x00419d5d
                                                                            0x00419d63
                                                                            0x00419d6f
                                                                            0x00419d77
                                                                            0x00419dad
                                                                            0x00419db1

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 178541f66a80bf3792152f96d5e28645a6c5374acccca5f25511394ef9c3fd86
                                                                            • Instruction ID: 2349382a15051ea922d5de5ccc01c8584be96759ce29dfe90dbc13897c478118
                                                                            • Opcode Fuzzy Hash: 178541f66a80bf3792152f96d5e28645a6c5374acccca5f25511394ef9c3fd86
                                                                            • Instruction Fuzzy Hash: DA01B2B2241108BBCB48CF88DC95EEB77A9EF8C754F158648FA0D97240D630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A960(_a4, _t31, _a4, _t3,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                            0x00419d6f
                                                                            0x00419d77
                                                                            0x00419dad
                                                                            0x00419db1

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_a4, _t21, _a4, _t3,  *((intOrPtr*)(_t10 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                            0x00419f4f
                                                                            0x00419f57
                                                                            0x00419f79
                                                                            0x00419f7d

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419F3A, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 58%
                                                                            			E00419F3A(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				0x5556();
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E0041A960(_a4, _t21, _a4, _t3,  *((intOrPtr*)(_t10 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                            0x00419f3a
                                                                            0x00419f43
                                                                            0x00419f4f
                                                                            0x00419f57
                                                                            0x00419f79
                                                                            0x00419f7d

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: f77ddfb872ef14309cf16d710b4419e7db88ed05d8403da265cd6a519c47ac49
                                                                            • Instruction ID: da14881f2456c58eb03399d2fed72aa58758c4cee9fd99dc05165da14bef2e63
                                                                            • Opcode Fuzzy Hash: f77ddfb872ef14309cf16d710b4419e7db88ed05d8403da265cd6a519c47ac49
                                                                            • Instruction Fuzzy Hash: 4CF01CB1210218AFDB14DF99CC81EEB77ADEF88754F158549BE1CA7241C630E951CBE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419E8B, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 58%
                                                                            			E00419E8B(void* __esi, intOrPtr _a4, void* _a8) {
				long _t9;
				void* _t11;
				void* _t12;
				void* _t16;
				void* _t17;

				asm("adc ebp, 0xffffffeb");
				_t16 = _t17;
				_t6 = _a4;
				_t2 = _t6 + 0x10; // 0x300
				_t3 = _t6 + 0xc50; // 0x40a923
				E0041A960(_a4, _t12, _a4, _t3,  *_t2, 0, 0x2c);
				_t11 = _a8;
				_push(_t16);
				_push(es);
				_t9 = NtClose(_t11);
				asm("rcr byte [esi+0x5d], 1");
				return _t9;
			}








                                                                            0x00419e8b
                                                                            0x00419e91
                                                                            0x00419e93
                                                                            0x00419e96
                                                                            0x00419e9f
                                                                            0x00419ea7
                                                                            0x00419eac
                                                                            0x00419ead
                                                                            0x00419eb0
                                                                            0x00419eb5
                                                                            0x00419eb6
                                                                            0x00419eb9

                                                                            APIs
                                                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: bc489dbdcee63b287931ad088dca9d4b1fc670f3e2d308664d81b19a07bcb7d3
                                                                            • Instruction ID: e88bf5a89d87d46d0b7fa85e75fcf4985f2a4a7ca98cc2733f79dbb698dc5ad4
                                                                            • Opcode Fuzzy Hash: bc489dbdcee63b287931ad088dca9d4b1fc670f3e2d308664d81b19a07bcb7d3
                                                                            • Instruction Fuzzy Hash: BCE0C2752002046BD710EB98CC84EDB3B28EF44320F05464ABA1DAF381C530E510C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 65%
                                                                            			E00419E90(void* __esi, intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t10;
				void* _t11;
				void* _t15;
				void* _t16;

				_t15 = _t16;
				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_a4, _t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t10 = _a8;
				_push(_t15);
				_push(es);
				_t8 = NtClose(_t10);
				asm("rcr byte [esi+0x5d], 1");
				return _t8;
			}








                                                                            0x00419e91
                                                                            0x00419e93
                                                                            0x00419e96
                                                                            0x00419e9f
                                                                            0x00419ea7
                                                                            0x00419eac
                                                                            0x00419ead
                                                                            0x00419eb0
                                                                            0x00419eb5
                                                                            0x00419eb6
                                                                            0x00419eb9

                                                                            APIs
                                                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B396E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 5b1aef52c8948a3279341c9a50c6343d62447cffd393d7ed1a001eb0a3d69567
                                                                            • Instruction ID: a3e5de7bce38ffcfba87b98b438bcaddd15cbc8711e9c073208946ffc40114ce
                                                                            • Opcode Fuzzy Hash: 5b1aef52c8948a3279341c9a50c6343d62447cffd393d7ed1a001eb0a3d69567
                                                                            • Instruction Fuzzy Hash: AC90027230108812D2106159844474A0045D7D0341F55C465A4414698E86D589A1B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4f390c51f3607b50f453239bfda98f93bd68ba1a813b360d0e71f060924ef88e
                                                                            • Instruction ID: 2ccffe05b20781e40bc2dbcc1c4e3711b80d9aea51ea9803c36be0ff10fe18ac
                                                                            • Opcode Fuzzy Hash: 4f390c51f3607b50f453239bfda98f93bd68ba1a813b360d0e71f060924ef88e
                                                                            • Instruction Fuzzy Hash: F990027230100812D2807159444464A0045D7D1341F91C069A0015694ECA558B69B7E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 8f39c31ffbc31beb1f688bc67f58a4e5d033b2cbce1852c0ec6e7f18591b287b
                                                                            • Instruction ID: f62e71e55d3d8c14b7b5c19f94e19fc52319cc9dea5462978b00bec459d57995
                                                                            • Opcode Fuzzy Hash: 8f39c31ffbc31beb1f688bc67f58a4e5d033b2cbce1852c0ec6e7f18591b287b
                                                                            • Instruction Fuzzy Hash: 4490027230100423D211615945447070049D7D0381F91C466A0414598E96968A62F161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 95%
                                                                            			E00409A90(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t24;
				signed int _t31;
				signed int _t33;
				void* _t34;
				signed int _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B810( &_v284, 0x104);
						E0041BE80( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DC0(_t39, _t50, _t52, E00414D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							__eflags = _t31;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							__eflags = _t50 - 0x62;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							L8:
							_t33 = E004080C0( &_v24,  &_v840);
							_t55 = _t56 + 8;
							__eflags = _t33;
							if(__eflags != 0) {
								goto L9;
							}
							goto L10;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						_t10 = _t52 + 0x474;
						 *_t10 =  *(_t52 + 0x474) ^  *_t9;
						__eflags =  *_t10;
						_t39 = 1;
						goto L8;
						L9:
						__eflags = _t39;
					} while (__eflags == 0);
					L10:
					_t34 = E00408140(__eflags, _t52,  &_v24); // executed
					__eflags = _t39;
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						_t16 = _t52 + 0x55c;
						 *_t16 =  *(_t52 + 0x55c) + 0xffffffba;
						__eflags =  *_t16;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					_t21 = _t52 + 0x32;
					 *_t21 =  *(_t52 + 0x32) +  *_t20 + 1;
					__eflags =  *_t21;
					return 1;
				} else {
					return _t24;
				}
			}






















                                                                            0x00409a9b
                                                                            0x00409aa3
                                                                            0x00409aa5
                                                                            0x00409aaa
                                                                            0x00409aaf
                                                                            0x00409ac2
                                                                            0x00409ac7
                                                                            0x00409ad0
                                                                            0x00409adc
                                                                            0x00409aef
                                                                            0x00409af4
                                                                            0x00409af7
                                                                            0x00409b00
                                                                            0x00409b12
                                                                            0x00409b17
                                                                            0x00409b1a
                                                                            0x00409b1c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00409b1e
                                                                            0x00409b1f
                                                                            0x00409b22
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00409b24
                                                                            0x00409b31
                                                                            0x00409b3c
                                                                            0x00409b41
                                                                            0x00409b44
                                                                            0x00409b46
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00409b46
                                                                            0x00409b26
                                                                            0x00409b29
                                                                            0x00409b29
                                                                            0x00409b29
                                                                            0x00409b2f
                                                                            0x00000000
                                                                            0x00409b48
                                                                            0x00409b48
                                                                            0x00409b48
                                                                            0x00409b4c
                                                                            0x00409b51
                                                                            0x00409b5a
                                                                            0x00409b5c
                                                                            0x00409b5e
                                                                            0x00409b64
                                                                            0x00409b68
                                                                            0x00409b6b
                                                                            0x00409b6b
                                                                            0x00409b6b
                                                                            0x00409b6b
                                                                            0x00409b72
                                                                            0x00409b75
                                                                            0x00409b7a
                                                                            0x00409b7a
                                                                            0x00409b7a
                                                                            0x00409b87
                                                                            0x00409ab6
                                                                            0x00409ab6
                                                                            0x00409ab6

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: efcf0ab6665c7b0157fd04bcb744907f430064515781423b38bce05023b8fb6d
                                                                            • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                                            • Opcode Fuzzy Hash: efcf0ab6665c7b0157fd04bcb744907f430064515781423b38bce05023b8fb6d
                                                                            • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0041A062, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 58%
                                                                            			E0041A062(void* __ebx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t21;
				void* _t22;

				_t22 = _t21 + __ebx;
				asm("sbb [ebp+0x1], dl");
				asm("sbb dl, [es:ebp+edx*2-0x75]");
				_push(_t22);
				_t7 = _a4;
				_t3 = _t7 + 0xc74; // 0xc74
				E0041A960(_a4, 0xc5090173, _a4, _t3,  *((intOrPtr*)(_t7 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}






                                                                            0x0041a062
                                                                            0x0041a064
                                                                            0x0041a06d
                                                                            0x0041a070
                                                                            0x0041a073
                                                                            0x0041a07f
                                                                            0x0041a087
                                                                            0x0041a09d
                                                                            0x0041a0a1

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: e3c4fccbc22d6770613f576f581199c9142d242031d1cdb3ce23b22906e0141d
                                                                            • Instruction ID: 58fce22880ef83a00f9a9d96d3b8db8d7d78fc2b8f9b9a37fd9d07fa734fb183
                                                                            • Opcode Fuzzy Hash: e3c4fccbc22d6770613f576f581199c9142d242031d1cdb3ce23b22906e0141d
                                                                            • Instruction Fuzzy Hash: DFF0EDB52142086FCB24DF75CC84EEB3B29EF88320F198158FC8D97281C131EA15CAA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_a4, _t15, _a4, _t3,  *((intOrPtr*)(_t7 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                            0x0041a07f
                                                                            0x0041a087
                                                                            0x0041a09d
                                                                            0x0041a0a1

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                            • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                            • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_a4, _t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_t7 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                            0x0041a047
                                                                            0x0041a05d
                                                                            0x0041a061

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                            • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                            • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 1b4879db4274f3171cef31fbd5744ca80e2e1c6ef837a6ecac4242be94a49109
                                                                            • Instruction ID: dfe5502e60f3d25e7dabb76d08adab7f574915ef45c7bec785732c87c6220f4d
                                                                            • Opcode Fuzzy Hash: 1b4879db4274f3171cef31fbd5744ca80e2e1c6ef837a6ecac4242be94a49109
                                                                            • Instruction Fuzzy Hash: 89B09B729064C5D5D711D76046087177944F7D0741F26C0A5D1020681B4778D591F5B5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 00BAB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00BAB323
                                                                            • write to, xrefs: 00BAB4A6
                                                                            • <unknown>, xrefs: 00BAB27E, 00BAB2D1, 00BAB350, 00BAB399, 00BAB417, 00BAB48E
                                                                            • Go determine why that thread has not released the critical section., xrefs: 00BAB3C5
                                                                            • an invalid address, %p, xrefs: 00BAB4CF
                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00BAB2DC
                                                                            • This failed because of error %Ix., xrefs: 00BAB446
                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00BAB305
                                                                            • *** then kb to get the faulting stack, xrefs: 00BAB51C
                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00BAB314
                                                                            • *** Inpage error in %ws:%s, xrefs: 00BAB418
                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 00BAB352
                                                                            • The critical section is owned by thread %p., xrefs: 00BAB3B9
                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00BAB38F
                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00BAB47D
                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 00BAB48F
                                                                            • a NULL pointer, xrefs: 00BAB4E0
                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00BAB39B
                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00BAB3D6
                                                                            • read from, xrefs: 00BAB4AD, 00BAB4B2
                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00BAB484
                                                                            • The resource is owned exclusively by thread %p, xrefs: 00BAB374
                                                                            • The resource is owned shared by %d threads, xrefs: 00BAB37E
                                                                            • *** enter .cxr %p for the context, xrefs: 00BAB50D
                                                                            • *** enter .exr %p for the exception record, xrefs: 00BAB4F1
                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00BAB476
                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00BAB53F
                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00BAB2F3
                                                                            • The instruction at %p tried to %s , xrefs: 00BAB4B6
                                                                            • The instruction at %p referenced memory at %p., xrefs: 00BAB432
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                            • API String ID: 0-108210295
                                                                            • Opcode ID: ebc84babbb4d16e35a405a4a3a86106219356561d5011902f11a98a5baae1853
                                                                            • Instruction ID: 3b2e619e78a45a478071066a5a91e1fa3a87196a4a68258015f8993e02767122
                                                                            • Opcode Fuzzy Hash: ebc84babbb4d16e35a405a4a3a86106219356561d5011902f11a98a5baae1853
                                                                            • Instruction Fuzzy Hash: 59811339A04210FFCB21AA168C86E7B3BA6EF5BB51F0184C4F4152B263D7618D51DBB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2C9BF, Relevance: 14.2, Strings: 11, Instructions: 412COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00B6AA1A
                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00B6AC2C
                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00B6AAC8
                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00B6AC0A
                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00B6AA11
                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00B6AB0E
                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 00B6AC27
                                                                            • @, xrefs: 00B6ABA3
                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00B6AAA0
                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00B6ABF3
                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00B6A8EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                            • API String ID: 0-4009184096
                                                                            • Opcode ID: a592516facdb1be0fc75ceef1f1c373b4e0d5918a2e3de80de1374647ad56a33
                                                                            • Instruction ID: e818a0517e8b5f44dafef5c8d8e3bc8dff0242abc9af04f26f9a5be2c4695616
                                                                            • Opcode Fuzzy Hash: a592516facdb1be0fc75ceef1f1c373b4e0d5918a2e3de80de1374647ad56a33
                                                                            • Instruction Fuzzy Hash: 12026CB1D006289BDF319B14DD81BAEB7F8EB44704F5041DAA60DB7282DB749E84CF99
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB4496, Relevance: 10.4, Strings: 8, Instructions: 417COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                            • API String ID: 0-1357697941
                                                                            • Opcode ID: cb2f6f81aa2416d8f371cff7b100069e405a8c93db03f714942be9ea1bffe927
                                                                            • Instruction ID: 43ad1afb4b8020f091bee5d6b95957bb1ddda3871f4606a1e564d54b87a3339f
                                                                            • Opcode Fuzzy Hash: cb2f6f81aa2416d8f371cff7b100069e405a8c93db03f714942be9ea1bffe927
                                                                            • Instruction Fuzzy Hash: B4F13431610649EFCB25CFA9C490BFAB7F5FF09300F1485AAF08697292CBB0A945CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB31DC, Relevance: 10.2, Strings: 8, Instructions: 190COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                            • API String ID: 0-2224505338
                                                                            • Opcode ID: b6fa3a0d0f31e459ba275a590e1afbbfb54c715678064130c68459552cdbdb0a
                                                                            • Instruction ID: 17377fb602ffdd8cfc8b5e99671d2c02958e6ebf5545e25fca20ca17ce5ff36f
                                                                            • Opcode Fuzzy Hash: b6fa3a0d0f31e459ba275a590e1afbbfb54c715678064130c68459552cdbdb0a
                                                                            • Instruction Fuzzy Hash: D351D532251288EFC711DBD4C995EBAB3F4FB08F60F1585AAF506AB352C7B09E40C625
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B278A0, Relevance: 8.5, Strings: 6, Instructions: 989COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
                                                                            • API String ID: 0-2515562510
                                                                            • Opcode ID: 9a275efbdb82fc0c7833738ee568d6632be61c0e5d1d6bdd1788475adcf68cfa
                                                                            • Instruction ID: 84a9b16829a3480d751c0dfa51010a56118b99b8dbb9d56051868d87be7dcb02
                                                                            • Opcode Fuzzy Hash: 9a275efbdb82fc0c7833738ee568d6632be61c0e5d1d6bdd1788475adcf68cfa
                                                                            • Instruction Fuzzy Hash: 96922770E08228CFDB24CFA4D890BAEBBF5FF45304F148299E859AB295DB349D41CB55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1A309, Relevance: 8.2, Strings: 6, Instructions: 687COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-523794902
                                                                            • Opcode ID: 64e4af7425df3ceaf45fd5671caa1879cfdb7786a86d44ee8bf1c5d9aad2afba
                                                                            • Instruction ID: 02c89e84318126e931449f73be52a04adb37397ed8a7ad36a6538f7cef0a65bb
                                                                            • Opcode Fuzzy Hash: 64e4af7425df3ceaf45fd5671caa1879cfdb7786a86d44ee8bf1c5d9aad2afba
                                                                            • Instruction Fuzzy Hash: 5442D0306097819FD715DF28C494BAABBE5FF88304F5849ADF4868B352D738E981CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2C63D, Relevance: 7.6, Strings: 6, Instructions: 111COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • RtlGetAssemblyStorageRoot, xrefs: 00B6A768, 00B6A7A2, 00B6A7C2
                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00B6A7A7
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00B6A7C7
                                                                            • SXS: %s() passed the empty activation context, xrefs: 00B6A76D
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00B6A788
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00B6A780
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                            • API String ID: 0-861424205
                                                                            • Opcode ID: 304ee9ff7720bd3cfbd52a8daea8d24fa31969888e82016945af5eb3146ec60d
                                                                            • Instruction ID: c25a31bf6467c011eb80df8ac9907f8304f4b63c8327de9e55dc349424956396
                                                                            • Opcode Fuzzy Hash: 304ee9ff7720bd3cfbd52a8daea8d24fa31969888e82016945af5eb3146ec60d
                                                                            • Instruction Fuzzy Hash: 5A312876B40225BBEB219A969C82F6E7BFDEF51B50F0441D5F90577280D6709E00CBE2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B12430, Relevance: 6.7, Strings: 5, Instructions: 461COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                            • API String ID: 0-3393094623
                                                                            • Opcode ID: 910a69ae97b4eb37ba52bffab1950df63d163cf881d2d17f1cea6509dcb22755
                                                                            • Instruction ID: ea78ccd00b98a3217456664a7bc7fcc436d29e830512b7345dcfb4225783713a
                                                                            • Opcode Fuzzy Hash: 910a69ae97b4eb37ba52bffab1950df63d163cf881d2d17f1cea6509dcb22755
                                                                            • Instruction Fuzzy Hash: FC028C715083518BD734CF24C080BABB7E5FF99700F944AAEE99997290E770DD98CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B864B5, Relevance: 6.4, Strings: 5, Instructions: 116COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Item:$ Language:$ Name:$SR - $Type:
                                                                            • API String ID: 0-3082644519
                                                                            • Opcode ID: 9eb5e707f62e884b2d0c6e2ccd1192dcc760e532142139f8064671591ac0e595
                                                                            • Instruction ID: 31b89bd80fe562939e4f26962656c1d2c204c37f26faa6236129811e5b26be39
                                                                            • Opcode Fuzzy Hash: 9eb5e707f62e884b2d0c6e2ccd1192dcc760e532142139f8064671591ac0e595
                                                                            • Instruction Fuzzy Hash: 63419371A0026C6BCB21EB65CC99BEAB7FCEF45304F1401D5A448A7255DF349E84CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF40E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                            • API String ID: 0-188067316
                                                                            • Opcode ID: 2afb8655ab08e407d4f8e9494026ac8980ae9ad3b9d3ed6481d2b6c0e6bf30d7
                                                                            • Instruction ID: 79c81c1f321fc72561951012e2f42355326a932f08c3ccb4fdd84f3177416a13
                                                                            • Opcode Fuzzy Hash: 2afb8655ab08e407d4f8e9494026ac8980ae9ad3b9d3ed6481d2b6c0e6bf30d7
                                                                            • Instruction Fuzzy Hash: EC014C32121284AED329E7A8E55EF6277F4EB00B71F2944ABF6054B791CBA49844C128
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B15600, Relevance: 6.2, Strings: 3, Instructions: 2418COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                            • API String ID: 0-3178619729
                                                                            • Opcode ID: ac5894eca2a222490ccf198e1234d8e93aaa4289b106204d15ae05534cb837b1
                                                                            • Instruction ID: 2a9af3771794eb9785b425c1c6a841f2d7cbfe1b701145a745523289cefdf221
                                                                            • Opcode Fuzzy Hash: ac5894eca2a222490ccf198e1234d8e93aaa4289b106204d15ae05534cb837b1
                                                                            • Instruction Fuzzy Hash: 0D236B70A00655DFDB28CF68C480BE9B7F1FF49304F6481E9E859AB385D735A986CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B206C0, Relevance: 5.9, Strings: 4, Instructions: 901COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 2994545307-3570731704
                                                                            • Opcode ID: a2bfc02e7fec84c93cba3f89148f51d7914c799a2a9a12f66684fbbaf0a2308b
                                                                            • Instruction ID: b0cbfa1d1b6f163ad17b51a6d2d7a864895fbfb5dd1e7e556059515141239c79
                                                                            • Opcode Fuzzy Hash: a2bfc02e7fec84c93cba3f89148f51d7914c799a2a9a12f66684fbbaf0a2308b
                                                                            • Instruction Fuzzy Hash: E9823571A11668CFEB24DB18D890BA9B7F5FF45300F1581EAE84DAB292D7349E80CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2701D, Relevance: 5.6, Strings: 4, Instructions: 569COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                            • API String ID: 0-3266796247
                                                                            • Opcode ID: cd8ae2ad4b4a72c998fa2a9523f5b27b5a8eb76a66e473d0dffe9634e0ba698e
                                                                            • Instruction ID: 24c2adaada8ed4d89ebc6e46af7826bb7969bf15b35134328cb0469abaf3a6a8
                                                                            • Opcode Fuzzy Hash: cd8ae2ad4b4a72c998fa2a9523f5b27b5a8eb76a66e473d0dffe9634e0ba698e
                                                                            • Instruction Fuzzy Hash: 2B32AD31A882698BDF26CF14D884BE9B7F5EF55340F2041EAE84DA7251DB349E81DF48
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1A830, Relevance: 5.4, Strings: 4, Instructions: 350COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • HEAP[%wZ]: , xrefs: 00B622D7, 00B623E7
                                                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00B622F3
                                                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00B62403
                                                                            • HEAP: , xrefs: 00B622E6, 00B623F6
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                            • API String ID: 0-1657114761
                                                                            • Opcode ID: 1788455467e2d81fcdf4ce313f3fdb17d68d63b538f4db8e9843e8d89ede6c9a
                                                                            • Instruction ID: 500f5dd9837eaff018710b1ca90a99db28273e99c54f9526f1ef1c7bb846447c
                                                                            • Opcode Fuzzy Hash: 1788455467e2d81fcdf4ce313f3fdb17d68d63b538f4db8e9843e8d89ede6c9a
                                                                            • Instruction Fuzzy Hash: 1AD1D230A016459FDB18CF68C590BBAB7F1FF48300F6585A9E85A9B742E734BD81CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2C707, Relevance: 5.3, Strings: 4, Instructions: 251COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00B6A7E1, 00B6A8B9
                                                                            • SXS: %s() passed the empty activation context, xrefs: 00B6A7E6
                                                                            • .Local, xrefs: 00B2C9A4
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00B6A8BE
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                            • API String ID: 0-1239276146
                                                                            • Opcode ID: 1089a275baa91628508ee9f414cad70385f31e52983a67e1aadf5d7717046c85
                                                                            • Instruction ID: 6e28baa25b4bac3033384ba2a0e237c6fd6f4f20381963b9559fadf88c1d4873
                                                                            • Opcode Fuzzy Hash: 1089a275baa91628508ee9f414cad70385f31e52983a67e1aadf5d7717046c85
                                                                            • Instruction Fuzzy Hash: 89A19E35940229DBDB24CF54EC84BA9B7F5FF58314F2441EAE809AB251D7349E81CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B27620, Relevance: 5.2, Strings: 4, Instructions: 220COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$MUI${
                                                                            • API String ID: 0-3203766739
                                                                            • Opcode ID: 2da54f7defb024fb450f845e3960b010996b84138127b329318782ada2802b6c
                                                                            • Instruction ID: f3a9f127f6b634583a1c57da250058fadf4ff7735da9f1920220d128b90735aa
                                                                            • Opcode Fuzzy Hash: 2da54f7defb024fb450f845e3960b010996b84138127b329318782ada2802b6c
                                                                            • Instruction Fuzzy Hash: 0B81D231948269CBDB21CF54D894BAE77F1FF05314F2442D5E819AB2A0DB789E80CB99
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1D1EF, Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00B6344A
                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00B634D0
                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00B63513
                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00B6348D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                            • API String ID: 0-1468400865
                                                                            • Opcode ID: d3f5eca9155474e60a7b2aa41cc6964d03107d07555a0e6050ac3b98ed83820b
                                                                            • Instruction ID: 5703c1f516044cf3d5773c772457214617d235b2c938db023edc31cc689aece8
                                                                            • Opcode Fuzzy Hash: d3f5eca9155474e60a7b2aa41cc6964d03107d07555a0e6050ac3b98ed83820b
                                                                            • Instruction Fuzzy Hash: 7E71CEB1904304AFCB20DF54C885B9B7BE8EF55750F9049A8F9598B283D734D988DBD2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1A229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                            • API String ID: 2994545307-2586055223
                                                                            • Opcode ID: 9a3881ebc8f2d3969ee475f76f7cf7d96d46e417fd0bbff1dd5ac6313679c619
                                                                            • Instruction ID: d9ba7fcab1d1f8f8af6f0c53846f52bee68b343aef0afc5ab3807d0c25b12baf
                                                                            • Opcode Fuzzy Hash: 9a3881ebc8f2d3969ee475f76f7cf7d96d46e417fd0bbff1dd5ac6313679c619
                                                                            • Instruction Fuzzy Hash: C951F371205680AFD722DB68C845FA777F8FF80B50F1809A4F5558B292DB78E940CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF751A, Relevance: 5.1, Strings: 4, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                            • API String ID: 0-1391187441
                                                                            • Opcode ID: 3a916c27bad923b411bfb0167b0dd034d4d654325599bae383f98cb7341ebe1d
                                                                            • Instruction ID: a3c4acd118af9050d221b09551b5da28724165ac8de255561796098300e0685d
                                                                            • Opcode Fuzzy Hash: 3a916c27bad923b411bfb0167b0dd034d4d654325599bae383f98cb7341ebe1d
                                                                            • Instruction Fuzzy Hash: 7C31F232A01218AFDB11DBD5C885FAEB7F8FF08720F2481A5F905A7291D770ED40CA60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB3518, Relevance: 5.1, Strings: 4, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                                            • API String ID: 0-4256168463
                                                                            • Opcode ID: c68e9b6629aa64ef5990f701ffb4e7ceec0ac94b67470c9873396739313987d6
                                                                            • Instruction ID: 7c90822f139967c75ea0265081d796a33c9a4a9946bcdde7a1382743ca2d5dce
                                                                            • Opcode Fuzzy Hash: c68e9b6629aa64ef5990f701ffb4e7ceec0ac94b67470c9873396739313987d6
                                                                            • Instruction Fuzzy Hash: 59012632120204AFC730EBA8C585BF673F8EB55B10F008896F4069B392DBB0EE44C664
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1B477, Relevance: 4.2, Strings: 3, Instructions: 405COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-4253913091
                                                                            • Opcode ID: ae6a9bae6e9b2f7d8bcad937c8f5f14e27f2eb7c17fc168816c289ef4da1dc5b
                                                                            • Instruction ID: d81242df883504459527bc8b5e01dec434a690ed1bd5ab53b84c7e6ae6bb03b0
                                                                            • Opcode Fuzzy Hash: ae6a9bae6e9b2f7d8bcad937c8f5f14e27f2eb7c17fc168816c289ef4da1dc5b
                                                                            • Instruction Fuzzy Hash: D1E17970A006459FEB19CF68C895FBAB7F6FB58300F2481A9E4169B391D774ED81CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B062A0, Relevance: 4.0, Strings: 3, Instructions: 291COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                            • API String ID: 0-1145731471
                                                                            • Opcode ID: d3393c03f8666e2fbb8790af880d15622cfa10b4ef49f55df5f70ac3fe2fd0f3
                                                                            • Instruction ID: 69ac72aa5cf4480b9a94e625c2f02e3bf6845368196bdd1ebf2c96a46fc6aca7
                                                                            • Opcode Fuzzy Hash: d3393c03f8666e2fbb8790af880d15622cfa10b4ef49f55df5f70ac3fe2fd0f3
                                                                            • Instruction Fuzzy Hash: ADB18B71A006199BDF25CB68D981BADBBF5AF54314F1881EAE811EB2D4D730EC60CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B08794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00B59C18
                                                                            • LdrpDoPostSnapWork, xrefs: 00B59C1E
                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 00B59C28
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 0-1948996284
                                                                            • Opcode ID: 8a5754f3d97dbf651646aa68f46bf57f2d8970c76e6652e9154a36912449d45e
                                                                            • Instruction ID: ec4d7e227f024a7a3878d53dd91aa310d95744e15ea552af3abc8ab6da1e89ab
                                                                            • Opcode Fuzzy Hash: 8a5754f3d97dbf651646aa68f46bf57f2d8970c76e6652e9154a36912449d45e
                                                                            • Instruction Fuzzy Hash: FF91C371A00716DBDF18DF59C481ABA7BF5FF44315B5481E9E885AB291DF30AE01CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF8239, Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                            • API String ID: 0-2779062949
                                                                            • Opcode ID: e91bd251a90da8967ea4143ef90cc9f5f56db50ea5620837155fa6c0b61f9001
                                                                            • Instruction ID: bd5c01839a8a258c48f63397266048801d5c7bb2660dff6109df9aeb3044d449
                                                                            • Opcode Fuzzy Hash: e91bd251a90da8967ea4143ef90cc9f5f56db50ea5620837155fa6c0b61f9001
                                                                            • Instruction Fuzzy Hash: 60A15A319016299BDF31DF64CC89BAAB7F8EF45711F1401EAE908A7250DB75AE88CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1B73D, Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-1334570610
                                                                            • Opcode ID: a5d17b752a6b66376368ecef57291dd81be1c074fd823f1389b2b9b2f54f3084
                                                                            • Instruction ID: eee5498e3bbfd12511452ffc68fdee4c5d08cc643fd0333ccc5f931ea0543def
                                                                            • Opcode Fuzzy Hash: a5d17b752a6b66376368ecef57291dd81be1c074fd823f1389b2b9b2f54f3084
                                                                            • Instruction Fuzzy Hash: 7C61B070600645DFDB28DF28C585BAABBE5FF44704F6485AEE8498F292D770EC81CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BA23E3, Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • HEAP[%wZ]: , xrefs: 00BA254F
                                                                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00BA256F
                                                                            • HEAP: , xrefs: 00BA255C
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                            • API String ID: 0-3815128232
                                                                            • Opcode ID: c103a470c21c08f7a9a440f0fb3cae39eb5ddefb9bf88dfafe6afc091278a4a5
                                                                            • Instruction ID: be93dd700a2bb64a2d22e34dd79de8829855aa9978649630d77479aa2fe0bd36
                                                                            • Opcode Fuzzy Hash: c103a470c21c08f7a9a440f0fb3cae39eb5ddefb9bf88dfafe6afc091278a4a5
                                                                            • Instruction Fuzzy Hash: 595125341082608AE734CF2EC89577277E1EB5E744F6448DAE9C68B381DB35DC46EB20
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00AFE68C
                                                                            • @, xrefs: 00AFE6C0
                                                                            • InstallLanguageFallback, xrefs: 00AFE6DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                            • API String ID: 0-1757540487
                                                                            • Opcode ID: c88ad38854cca0bc3ae0de89af6ce590fd7a21da741d0a39e6da2553d8ab57ce
                                                                            • Instruction ID: b3ea1579d69de7da6ca45fd70b8b971226dbbfc641d368cb0a5dc38151aafe70
                                                                            • Opcode Fuzzy Hash: c88ad38854cca0bc3ae0de89af6ce590fd7a21da741d0a39e6da2553d8ab57ce
                                                                            • Instruction Fuzzy Hash: 57518D725083459BC724DF64C450BBBB3E8EF88716F1509AEFA8597250FB34DD4887A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1B8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-2558761708
                                                                            • Opcode ID: 4bd0398415105f6c1946a7160fc7cd3ed36c3eed09d14bbb7704bf8817159738
                                                                            • Instruction ID: a1720b98e7bac811968b97d369287be1a732ab7a407564c25f9aac865ce08f56
                                                                            • Opcode Fuzzy Hash: 4bd0398415105f6c1946a7160fc7cd3ed36c3eed09d14bbb7704bf8817159738
                                                                            • Instruction Fuzzy Hash: 0211EE313155019FDB28DB24C495FBAB3E5EB40B60F6481A9F14ACB250DB34D881D655
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B834A0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 00B835C1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CallFilterFunc@8
                                                                            • String ID: @
                                                                            • API String ID: 4062629308-2766056989
                                                                            • Opcode ID: f7ea702ce85dcb611ecdec3d502b74e3280f86c9c439db7eb6fa418388066a75
                                                                            • Instruction ID: 9bc5f99367204a06f9f096b75387526f58573b299687964cec4150beccf57942
                                                                            • Opcode Fuzzy Hash: f7ea702ce85dcb611ecdec3d502b74e3280f86c9c439db7eb6fa418388066a75
                                                                            • Instruction Fuzzy Hash: F2418071904254EBCB21AF99C941AAEBBF8EF55F00F1441AAF905DB361EB70CA40CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0B62E, Relevance: 2.8, Strings: 2, Instructions: 349COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • LdrpLoadResourceFromAlternativeModule, xrefs: 00B5A937
                                                                            • 'LDR: %s(), invalid image format of MUI file , xrefs: 00B5A93C
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule
                                                                            • API String ID: 0-411237641
                                                                            • Opcode ID: 9b679fd4fe76c653e9662a25bc96ad306da1da3c72e89ad14de8b2abe6d1d1b8
                                                                            • Instruction ID: 70226f0758a31571a5a6a2cbb3bd29c39eb17f416ecf1d6a4a173807264628d6
                                                                            • Opcode Fuzzy Hash: 9b679fd4fe76c653e9662a25bc96ad306da1da3c72e89ad14de8b2abe6d1d1b8
                                                                            • Instruction Fuzzy Hash: 40D188316083819FDB25CF24C480F6ABBE9FB88744F1489ADF9959B2A1DB70DD45CB42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BBE539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `$`
                                                                            • API String ID: 0-197956300
                                                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                            • Instruction ID: b485f6157c49d1e47a0891339e9c0592fa0cba1a5e4b78dc78aa82381f1b659d
                                                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                            • Instruction Fuzzy Hash: E7918F316043419FE724CE25C841BABB7E5EF84714F1489ADF9A5CB291EBB4ED04CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B751BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Legacy$UEFI
                                                                            • API String ID: 2994545307-634100481
                                                                            • Opcode ID: d4b1c991d5588df9d1f115808d8ee581d13405b34e6e027b4f5d5b09a791cc6a
                                                                            • Instruction ID: 22f1f4f6e98ff35af30995d365d5725545c8563292aea9c35410ab286f4e84e0
                                                                            • Opcode Fuzzy Hash: d4b1c991d5588df9d1f115808d8ee581d13405b34e6e027b4f5d5b09a791cc6a
                                                                            • Instruction Fuzzy Hash: 66517071E04A099FDB24DFA8C880AADB7F4FF44740F2580ADE55AEB251D7B09D40CB14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B284E0, Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • LdrpResGetMappingSize Enter, xrefs: 00B284FA
                                                                            • LdrpResGetMappingSize Exit, xrefs: 00B2850C
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                            • API String ID: 0-1497657909
                                                                            • Opcode ID: 43d2713fba5a1a655252caccd03746e2fb63cbf6945555e73a41b2be8d3f88ad
                                                                            • Instruction ID: 8dd399f05ba352316f30127cc8ee2fb329f24b80f187f5a645e7868a3e702c10
                                                                            • Opcode Fuzzy Hash: 43d2713fba5a1a655252caccd03746e2fb63cbf6945555e73a41b2be8d3f88ad
                                                                            • Instruction Fuzzy Hash: 6C51C171A01665DFDB11CFA8E880BAE77F5FF24744F144596E805AB291EB78DD40CB20
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF4439, Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0$Flst
                                                                            • API String ID: 0-758220159
                                                                            • Opcode ID: 5cb27113dc11e697179af63ad360d679f03af255dccafbea7110016887d007fa
                                                                            • Instruction ID: fb9eccea393b2c511d6286d9595f38bed51bbfce76256e5744909b6840f64b1e
                                                                            • Opcode Fuzzy Hash: 5cb27113dc11e697179af63ad360d679f03af255dccafbea7110016887d007fa
                                                                            • Instruction Fuzzy Hash: 7E418CB1A00648CFDB24CFD9C480BAEFBF5EF58315F24806EE24AAB645D7719945CB84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B061A7, Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 00B061CE
                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 00B061DD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                            • API String ID: 0-2876891731
                                                                            • Opcode ID: 0b8cbd4e554d35fe27691a454a8e2def5e436452ac20bed7b8aceb53b7b4d7dc
                                                                            • Instruction ID: 7d752032ac76752a19e30b84f08eb61ce8a0c106cadcff3ae3f1b6ce1856d75c
                                                                            • Opcode Fuzzy Hash: 0b8cbd4e554d35fe27691a454a8e2def5e436452ac20bed7b8aceb53b7b4d7dc
                                                                            • Instruction Fuzzy Hash: 8541AC70A04249DBDB219FA9D884BAA7BF5FF85304F2844E5EC04EB2E1EA35DD50CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2D4B0, Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • RtlpInitializeAssemblyStorageMap, xrefs: 00B6B0B2
                                                                            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 00B6B0B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                            • API String ID: 0-2653619699
                                                                            • Opcode ID: c6d3c4605eb2f836c19b1d3722b57e4d7c84c341b1b159246c01dc74c6e24550
                                                                            • Instruction ID: 1224cee89bf4d83af98678c9ebd611734090129b18acffe2183f3e84458f109f
                                                                            • Opcode Fuzzy Hash: c6d3c4605eb2f836c19b1d3722b57e4d7c84c341b1b159246c01dc74c6e24550
                                                                            • Instruction Fuzzy Hash: 7D11E972B00224BBE7249A49AD41F6B76F9DB84B14F2480A9BA18DB340E775DD4097A4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0C1C0, Relevance: 2.1, Strings: 1, Instructions: 876COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: MUI
                                                                            • API String ID: 0-1339004836
                                                                            • Opcode ID: 1fd0cb6748a047a79d9de2faa4a3758a0e2fa6b476eb91817b1618403cc745c6
                                                                            • Instruction ID: 03007ef6d3586d19a2a5330832a0cfaacdf6359b85c747805f477a4701910ac7
                                                                            • Opcode Fuzzy Hash: 1fd0cb6748a047a79d9de2faa4a3758a0e2fa6b476eb91817b1618403cc745c6
                                                                            • Instruction Fuzzy Hash: 89722B75E00219CBDB24CF68C8807ADBFF1FB48714F2482AAE859AB291D7709D85DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0D5E0, Relevance: 1.6, Strings: 1, Instructions: 353COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /i
                                                                            • API String ID: 0-3259200781
                                                                            • Opcode ID: f19f03519a976f5601a7040787cc68af9f3a651aff0bd376773c237ec0a3ca49
                                                                            • Instruction ID: 5eee8522c14d62d886668cbdaf3ab7ee7fb75f3a60fd14cebb2ab9af1794e235
                                                                            • Opcode Fuzzy Hash: f19f03519a976f5601a7040787cc68af9f3a651aff0bd376773c237ec0a3ca49
                                                                            • Instruction Fuzzy Hash: D9E1AE70A007598FDB24CF68C880BAABBF2FF45304F1441E9E909AB2D1DB74AD85CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B22581, Relevance: 1.6, Strings: 1, Instructions: 329COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: PATH
                                                                            • API String ID: 0-1036084923
                                                                            • Opcode ID: 9fddfc9cc89194665aea9dd99ced6a4d6287a0362da891f997b4d2e6da9b6d92
                                                                            • Instruction ID: aab84704010d28eda3fb872ec0ddeaf156fc0bb84cfbc0e1becbbf60f4ab7748
                                                                            • Opcode Fuzzy Hash: 9fddfc9cc89194665aea9dd99ced6a4d6287a0362da891f997b4d2e6da9b6d92
                                                                            • Instruction Fuzzy Hash: 17C16E72D04629ABCB25DF99E881AADB7F1FF48700F5441A9F405EB3A0DB34AD41DB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2D7CA, Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                                                                            • Instruction ID: 004dac8d094e86d10e21e5cc363fcd66262d318659c38a29b5a8a2a8e3e314f9
                                                                            • Opcode Fuzzy Hash: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                                                                            • Instruction Fuzzy Hash: EB613971D00229ABDF21DFA5D844BAEBBF4FF85710F2041A9E818B7290D7759E81DB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                            • Instruction ID: 7fc93ce4d0affd0c0e3793ef209e9205f715f1fdaf1b41e730a41ac9f16b8a28
                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                            • Instruction Fuzzy Hash: 2F519A71104711AFC321CF28C841A6BBBF8FF48710F108A6EF99597290EBB4E954CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B73540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryHash
                                                                            • API String ID: 0-2202222882
                                                                            • Opcode ID: 78eba14d87b2dfe1e4ef34aa28396146d4ac02c975caf2a4f9b9b6df6832d894
                                                                            • Instruction ID: 7ebb228bfe51aea45362f5f577fe9d8e041540115e41e18fc10023500697612d
                                                                            • Opcode Fuzzy Hash: 78eba14d87b2dfe1e4ef34aa28396146d4ac02c975caf2a4f9b9b6df6832d894
                                                                            • Instruction Fuzzy Hash: 0F4174B1D0052CAADF21DA50CC81FEEB7BCAB44714F1081E5A619AB241DB709F88DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-2679148245
                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                            • Instruction ID: 158991a919583dbce21714383edd7730fb607a167f941836867d58e7f00d0c64
                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                            • Instruction Fuzzy Hash: BA31F132614305ABE720EF64CC85F9B77D9EB84754F044279F958AB281E770ED14CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B014A9, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            • Opcode ID: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
                                                                            • Instruction ID: 959b00115d509bfb1cf83462de4a9966d404f1c4f877d66e17d864c2b31df8c4
                                                                            • Opcode Fuzzy Hash: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
                                                                            • Instruction Fuzzy Hash: 6941BC71A0021A9BCF299F48C890BBEBBF5FFA5701F5045DAE946AB280DB30DD45C791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B24020, Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00B240E8
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                            • API String ID: 0-996340685
                                                                            • Opcode ID: b3ec262e3df4e9b1b1f42d0b66dcba179d00ca9cdcf756e272c458b691fe8c7c
                                                                            • Instruction ID: 7e06f03ba40088d44ebf3f4b5c3b78cf54e05c42e90893a90d436188ff129b74
                                                                            • Opcode Fuzzy Hash: b3ec262e3df4e9b1b1f42d0b66dcba179d00ca9cdcf756e272c458b691fe8c7c
                                                                            • Instruction Fuzzy Hash: 7641C375A007569AC724DFB4D4416E7FBF4EF19300F10486ED6AED3640E334A594CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B73884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryName
                                                                            • API String ID: 0-215506332
                                                                            • Opcode ID: 8345462fb3887d525c5a96e14abd6a44dc67a8b3d405414f202eeec04887c193
                                                                            • Instruction ID: dca27f66a1833ed61b6e7283f26bf08c64a674541fa001a6ba0761308c14e510
                                                                            • Opcode Fuzzy Hash: 8345462fb3887d525c5a96e14abd6a44dc67a8b3d405414f202eeec04887c193
                                                                            • Instruction Fuzzy Hash: ED31353290151AAFDB15CA58C845DABB7F4EB80B20F11C1A9EA2AA7280D7709F00D7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 0e9809ecabd8a4681b7285a851bba1aea498460f0631744babc1175dfb6e4210
                                                                            • Instruction ID: 7e65cd95c208dfc2952401ad9e88ae3b6cdda2b1d76193893d69c89300b549b5
                                                                            • Opcode Fuzzy Hash: 0e9809ecabd8a4681b7285a851bba1aea498460f0631744babc1175dfb6e4210
                                                                            • Instruction Fuzzy Hash: 9931C2B15483159FC711DF28D8819ABBBE8FB89754F1009AEF998D3250D634DD04CB97
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Actx
                                                                            • API String ID: 0-89312691
                                                                            • Opcode ID: 6a1b3770b9d797fc3786878a0cca0c3b1d556b5c4b9e4892a5ece049f61f46b5
                                                                            • Instruction ID: 161ea5dcefd256e2a5e1a29ded642559c9dee8ee6d0be423d17d54d624b7b9a0
                                                                            • Opcode Fuzzy Hash: 6a1b3770b9d797fc3786878a0cca0c3b1d556b5c4b9e4892a5ece049f61f46b5
                                                                            • Instruction Fuzzy Hash: 66119D397046038BEB244E1D88907B672D6EB96764FB845BAE466CB3E1DB74CCC1C340
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB60F5, Relevance: .6, Instructions: 558COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 51e50755e99fe6232c65285f09627a8cf4397639dfccfcce8e52059ae2f2fe85
                                                                            • Instruction ID: efe33ee45f0fa5f4d6c18188d96f2515f833a1b786e1df87c69238b82eaca9d0
                                                                            • Opcode Fuzzy Hash: 51e50755e99fe6232c65285f09627a8cf4397639dfccfcce8e52059ae2f2fe85
                                                                            • Instruction Fuzzy Hash: 4F228F756046118FDB18CF18C490ABAB3E1FF88314B148AADE996CB391DB74EC46CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B14120, Relevance: .4, Instructions: 444COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 68bc540c9931da8bdc024d5005d4d010054844fe9431c4b9788e69f3e13a61a1
                                                                            • Instruction ID: bdf42eb6a6dcf65955db8c852f755905cd02b0b649d878b319279c03fd7f722a
                                                                            • Opcode Fuzzy Hash: 68bc540c9931da8bdc024d5005d4d010054844fe9431c4b9788e69f3e13a61a1
                                                                            • Instruction Fuzzy Hash: ECF18E705082518BC728CF19C480ABAB7E1FF98714F9449AEF896CB390E734DD95CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B034B1, Relevance: .4, Instructions: 424COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
                                                                            • Instruction ID: 6832c9cd7e4a0763d26d3dea716a6218367334f925b81a418f7d286a2ede919a
                                                                            • Opcode Fuzzy Hash: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
                                                                            • Instruction Fuzzy Hash: 4AF150B1E046199BCF15CF95D885AAEBBF9EF48B10F1481E9E905AB380EB34DD41CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B220A0, Relevance: .4, Instructions: 420COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6fef8282d63a88a522c81453c072f86e7e348516f46600b59048cf3965e51184
                                                                            • Instruction ID: 0e18f8ac5ce01c010af0923ed8471fb1604ecea8ad36d0bc9387ac164a933142
                                                                            • Opcode Fuzzy Hash: 6fef8282d63a88a522c81453c072f86e7e348516f46600b59048cf3965e51184
                                                                            • Instruction Fuzzy Hash: 74F11031A08751EFD735CB28D880B6A77E1EF94324F1489ADE899DB290D739DC51CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF6800, Relevance: .4, Instructions: 373COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ffca300b6c686abc918841fcb5871967fd4feeb9941a8d2f7a03bf1811f9836
                                                                            • Instruction ID: 4381d6fc6ffa0ebab3f1893f458d9d3da24553f436e273e234a0747df45acec0
                                                                            • Opcode Fuzzy Hash: 0ffca300b6c686abc918841fcb5871967fd4feeb9941a8d2f7a03bf1811f9836
                                                                            • Instruction Fuzzy Hash: 9FD1D071A002099BCB14DFA8C881BBA77F4EF08314F1486ADF956DB291E734ED45CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B265A0, Relevance: .4, Instructions: 368COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7b6e482d0927df5420fcd47c5643b13909b85097e843aea2cbe5bf91b9ea409b
                                                                            • Instruction ID: 2c9dba169c8a242c4d1c9b02ca454d6afb7cb76c5d2cffaacf60946977a6ec8c
                                                                            • Opcode Fuzzy Hash: 7b6e482d0927df5420fcd47c5643b13909b85097e843aea2cbe5bf91b9ea409b
                                                                            • Instruction Fuzzy Hash: 42E19F75A00259CFCB18CF59D880AA9B7F1FF58310F2481A9E859EB391D734ED85CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B14670, Relevance: .4, Instructions: 367COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c366c43b6fb8b1872b90747f139604dc9b6c41882b2ab50a88bf5b26d57a9499
                                                                            • Instruction ID: fca0483127d06f49f88e6409b0e863194be71b849012f439c328a29aa24170e2
                                                                            • Opcode Fuzzy Hash: c366c43b6fb8b1872b90747f139604dc9b6c41882b2ab50a88bf5b26d57a9499
                                                                            • Instruction Fuzzy Hash: 84E1AC70A002499FCB19CF58C884BAEBBF2EF85314F6480E9D815AB390D734EE85CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF88E0, Relevance: .3, Instructions: 346COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2049068cf63646fc497d381c49d313ea06540129b0e26160465acbce504530ac
                                                                            • Instruction ID: e7159adfa4bc0578bad9f7babf5b05b64af449a03b3a71dabd58927385f010d1
                                                                            • Opcode Fuzzy Hash: 2049068cf63646fc497d381c49d313ea06540129b0e26160465acbce504530ac
                                                                            • Instruction Fuzzy Hash: 59D1EC7260460AAFC711DF64C981BAAB7F8FF48740F1045A8F5899B3A1CB78ED41CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1B236, Relevance: .3, Instructions: 305COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                            • Instruction ID: c15ecd3b666e809f57a8703fa1e2589683389d2fcc27373bf2b85f3357f40195
                                                                            • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                            • Instruction Fuzzy Hash: ABB1BF31B00A099BDB15CBA9C891FBEBBF5EF84300F6441E9E55197382D7349D81CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0849B, Relevance: .3, Instructions: 290COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 51815e5d17ce8ff3c057acd3b5ac71dfc7a250f185565c3a8d2d59781871cddc
                                                                            • Instruction ID: 920615e58181ee81db89d90fa7135b89a69ed3b65c01a60d513b8fb708dcc5e9
                                                                            • Opcode Fuzzy Hash: 51815e5d17ce8ff3c057acd3b5ac71dfc7a250f185565c3a8d2d59781871cddc
                                                                            • Instruction Fuzzy Hash: 62B16B70E04249DFDB15DFA8D980AADBBF5FF48304F2041A9E405AB395DB71AE45CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0161A, Relevance: .3, Instructions: 288COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f6f0da3377f9823a7eb232e7ce826043c4cb660893b1b56b8d4d25e20a8d15fc
                                                                            • Instruction ID: d04a20012edf224ca82322c740b74b42508e7b6e0a780085393a26540cac4c4c
                                                                            • Opcode Fuzzy Hash: f6f0da3377f9823a7eb232e7ce826043c4cb660893b1b56b8d4d25e20a8d15fc
                                                                            • Instruction Fuzzy Hash: 47A13971900215AFDB26DF68CC82FAA7BF9EB49711F5144D4F900AB2A1DB749C51CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B237EB, Relevance: .3, Instructions: 269COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d759113d61a26e79989b381a22d4411b00c1f36a1e3be3023a999e83ab574ed
                                                                            • Instruction ID: 5206dcec2cec162ef9c851cbe697d20ac033a3e44b6e82026cadaf1a2fdff6bf
                                                                            • Opcode Fuzzy Hash: 2d759113d61a26e79989b381a22d4411b00c1f36a1e3be3023a999e83ab574ed
                                                                            • Instruction Fuzzy Hash: 0EB15AB1900619DFCB15DF99D980BADBBF5FB49700F1441AEE50AAB361DB38AA01CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2513A, Relevance: .3, Instructions: 258COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 31676f71cb97affebecdc4378797cfc5789d334635cc7964fb372110cc748293
                                                                            • Instruction ID: 78123465023b6e74de7c40f2cdd3e043707061e3e77687456c8eff7cac3e832c
                                                                            • Opcode Fuzzy Hash: 31676f71cb97affebecdc4378797cfc5789d334635cc7964fb372110cc748293
                                                                            • Instruction Fuzzy Hash: 3CC110755083808FD364CF28C480A6AFBE1FF88304F144AAEF8999B392D775E845CB42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B203E2, Relevance: .3, Instructions: 254COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c90389467e9b1d6207d31875ae3542e4f154e6819d23ed634695b4178d907344
                                                                            • Instruction ID: 8052a4c659ed7788ae56979f4bb94e35bf020c5d6071a2ef5d6d70cae60ee6eb
                                                                            • Opcode Fuzzy Hash: c90389467e9b1d6207d31875ae3542e4f154e6819d23ed634695b4178d907344
                                                                            • Instruction Fuzzy Hash: 90912B31E00664AFDB21AB68D885BAE77F4EF05714F1542E1FA24AB3D2DB789D40C781
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFC600, Relevance: .2, Instructions: 225COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 80ffac855f830f5c2494a34d93dbef87505d4cc0a4601cc7285bd5e81a280311
                                                                            • Instruction ID: 2bf6bfe82ca01551165d9befa95fd61fdcf92b8728b13fba1be766c5fa46b38c
                                                                            • Opcode Fuzzy Hash: 80ffac855f830f5c2494a34d93dbef87505d4cc0a4601cc7285bd5e81a280311
                                                                            • Instruction Fuzzy Hash: 6B81A07568C6019BCB25CF54C891A7E73E5FF84358F2848AAFD459B241DB38ED40CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BBB2E8, Relevance: .2, Instructions: 206COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd40af58d8379db385d142a40c98771f57221678d2a13a87adfc4fcf31262ed7
                                                                            • Instruction ID: 08a235606d850a1c38d9e3a543878d23ebc8102e66d72a8cfb1a4fa07278c92b
                                                                            • Opcode Fuzzy Hash: cd40af58d8379db385d142a40c98771f57221678d2a13a87adfc4fcf31262ed7
                                                                            • Instruction Fuzzy Hash: EE719172204750AFC711DF65C8C5EABBBE8EF88744F0445ADF9459B216DBB0D804CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2138B, Relevance: .2, Instructions: 206COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                            • Instruction ID: 8c526bfefd8fc88e6d6ba5bb27c98444e1b5b7c2813100b1dbfa79269575c111
                                                                            • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                            • Instruction Fuzzy Hash: 9181AF71A007459FCB24DF68C485BAABBF5FF58300F1089A9E95AC7751D334EA51CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B197ED, Relevance: .2, Instructions: 202COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 405a8a1738961b58d11418169992d09495736fc8a003f96df7d7605c4c89b285
                                                                            • Instruction ID: 12c7e0c68020e56b2cbd8d30d58ad9202e8e665ee0998ce3097f6ae78d20debe
                                                                            • Opcode Fuzzy Hash: 405a8a1738961b58d11418169992d09495736fc8a003f96df7d7605c4c89b285
                                                                            • Instruction Fuzzy Hash: 3971E1356042919FC311DF28C490BAAB3E4FF85750F5885E9E899CB352DB34ED81CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B8B8D0, Relevance: .2, Instructions: 199COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4e6d94c5f3ab15040549d42d4a25e1e76128049f1ccdb6407b1339d3c90565d1
                                                                            • Instruction ID: 3e13ff36112e4322c6a5f401c78a35825cddc692fc1080c58cee6ed78b045c10
                                                                            • Opcode Fuzzy Hash: 4e6d94c5f3ab15040549d42d4a25e1e76128049f1ccdb6407b1339d3c90565d1
                                                                            • Instruction Fuzzy Hash: 53710E32240B01EFDB36EF24C881F66B7E5EB40720F2545A8E6558B2B1DBB1E941CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0F370, Relevance: .2, Instructions: 194COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 523b24ec66e303ddb414291b71d147df5f6ef3e32e6e0578ba64bf97e4cda63a
                                                                            • Instruction ID: 89b10f60d9b104faff8773745207c1013fd77b50f2449b77d37986b6ae4dc746
                                                                            • Opcode Fuzzy Hash: 523b24ec66e303ddb414291b71d147df5f6ef3e32e6e0578ba64bf97e4cda63a
                                                                            • Instruction Fuzzy Hash: FB61DB32B042168BCB258F58C8806BEBBF1EF95310B6880F9EC55DB785DB34D946C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB56B6, Relevance: .2, Instructions: 184COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 834f000e8ee22074905adf0bfdad379bf8ff49317fcf16435bb574b0e31abf51
                                                                            • Instruction ID: 7e410638ccbf6e7d0dffc41f7ede6251ea7abc8772857eb60e55e05467e70c4d
                                                                            • Opcode Fuzzy Hash: 834f000e8ee22074905adf0bfdad379bf8ff49317fcf16435bb574b0e31abf51
                                                                            • Instruction Fuzzy Hash: 91819075A00609DFCB18CF68C880BAABBF1FF58310F1481A9E819DB345DB74EA51CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB171, Relevance: .2, Instructions: 166COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 859a1eb12b769982122034bd6dace8346811934e302961779582ea1fc9b1a1eb
                                                                            • Instruction ID: a785c025a9332f83d5b43905af6447442b53bd0c231a1ba3398cfc5d29bf3028
                                                                            • Opcode Fuzzy Hash: 859a1eb12b769982122034bd6dace8346811934e302961779582ea1fc9b1a1eb
                                                                            • Instruction Fuzzy Hash: 4151CE71D002598EEF218F64C846BAEBBF0EF04719F2042E9EC59AB281D7704D899B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B295EC, Relevance: .2, Instructions: 165COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 32c1a8e6a09e5bb48d6c069dc5f36142e311fa0212b8e573561f58c1224092c3
                                                                            • Instruction ID: adc00ccc35907b25e88bd338b6476a4b09b7ae5d989631ee2eb259d8b33216f0
                                                                            • Opcode Fuzzy Hash: 32c1a8e6a09e5bb48d6c069dc5f36142e311fa0212b8e573561f58c1224092c3
                                                                            • Instruction Fuzzy Hash: 9D51CE71A0061AEFDB16DF64D885BBEB7F8FF54311F1041A9E41A972A0DB789D10CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF8760, Relevance: .2, Instructions: 165COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
                                                                            • Instruction ID: a23d07d32c387206ce86fd1e983159a123fdc9753cbc3ffc6c07468b20499a1f
                                                                            • Opcode Fuzzy Hash: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
                                                                            • Instruction Fuzzy Hash: 4451D232A01648DBDB269B95C950B7A77F5FF90BD0F1844A9FA019B661CA39DD00CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BBB581, Relevance: .2, Instructions: 163COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5bdac51ea684e6497633ed10e6bf41f37160ee4f170a99942aa190626fc0f7d2
                                                                            • Instruction ID: 11fae2c66ebb382bb9ac3e5f089010e4915ccf767de6283e0f6dced54724d6d2
                                                                            • Opcode Fuzzy Hash: 5bdac51ea684e6497633ed10e6bf41f37160ee4f170a99942aa190626fc0f7d2
                                                                            • Instruction Fuzzy Hash: B551A0316047428FD325DF28C9A5FFAB7E0FF80714F1845A9A8468B291EBE4DC45CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF52A5, Relevance: .2, Instructions: 161COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4c9b962b1ecd812c1fdcd3080b0235ca255a8674481042011b2909fb42eefce4
                                                                            • Instruction ID: 70a59cc347bec9683d7caca068c4a72d10fd746318645935ed3b4856f2514584
                                                                            • Opcode Fuzzy Hash: 4c9b962b1ecd812c1fdcd3080b0235ca255a8674481042011b2909fb42eefce4
                                                                            • Instruction Fuzzy Hash: EB51F031145742ABC321EF68C842B67BBE4FF50710F20499EF99587692EB70EC44CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BBB0C7, Relevance: .2, Instructions: 156COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 605d2057845feecc0dca306e4ac965de874db8c78a250418bfa8de21a169c40a
                                                                            • Instruction ID: 5d2a61248b41f3cb0c2373f53fb73830e3d501233ce7eed8d059864cd649364f
                                                                            • Opcode Fuzzy Hash: 605d2057845feecc0dca306e4ac965de874db8c78a250418bfa8de21a169c40a
                                                                            • Instruction Fuzzy Hash: 6E51B272A10608ABDB15CF58CC91FFEB7F5EF44310F1485A9E916AB290D7B49A04CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC740D, Relevance: .1, Instructions: 141COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                            • Instruction ID: 66c6d754e7602005bdb992421fc1d885e5f97144bdca7a2e3959d97c72b2fdd5
                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                            • Instruction Fuzzy Hash: D2513571640606EFCB15CF14C881E96BBF5FF55304F1581AAE9089F262E771EA86CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF5050, Relevance: .1, Instructions: 133COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5cc39de2904c6b6aebf2c7a6a853d63480ffa4539876bfeed019048576ccd358
                                                                            • Instruction ID: 6b9c255b4919254e1ab70187bff4d799ebb6923242039a827137eea63621b873
                                                                            • Opcode Fuzzy Hash: 5cc39de2904c6b6aebf2c7a6a853d63480ffa4539876bfeed019048576ccd358
                                                                            • Instruction Fuzzy Hash: F341E6366087129BD320FF68C880B6AB7E4EF44710F104AA9FE955B292DB70EC45C7D9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF1618, Relevance: .1, Instructions: 132COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d5da6465dbb5ef86afbf92f484b660ca6bace1b90e73b3cd6d7027e34441e04
                                                                            • Instruction ID: 3acf1c00b21eec948bc6a4d57a0cf657c6bf6f438143185b1279e16e844c2db9
                                                                            • Opcode Fuzzy Hash: 2d5da6465dbb5ef86afbf92f484b660ca6bace1b90e73b3cd6d7027e34441e04
                                                                            • Instruction Fuzzy Hash: 20419B39A10219DACB14EFE8C440AFEB7B5BF48700F2541AAF919E7250D7359D41CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1F86D, Relevance: .1, Instructions: 124COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d64bf170a10ec27696b4df2a70415afc37cd178725721818b3b9b65e07ff09d
                                                                            • Instruction ID: 8bd0814dc17409bc57259c590375fed75e7c9b906edc2dcb6dd1e057bb36923d
                                                                            • Opcode Fuzzy Hash: 2d64bf170a10ec27696b4df2a70415afc37cd178725721818b3b9b65e07ff09d
                                                                            • Instruction Fuzzy Hash: 3B419E71A00606EFDB21AFA8C881BFEB6F5EF58754F6401A9E445E7251DB78DC80CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B86365, Relevance: .1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                                                            • Instruction ID: 690e77991ac8a52412aeef988f3cb283eac3d1f972e45e5888968020597215d6
                                                                            • Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                                                            • Instruction Fuzzy Hash: DA41CF76A00105EBCB25EF68CC91BAF77B9EF44710F1980A8E9069B3A1D731DE01C7A4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF649B, Relevance: .1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c548bd0be273e6df34ddb8ddfe165cf8d577d1c27edca7b0e0485c48ed63c309
                                                                            • Instruction ID: 507942251c653cdaedcdfef41f514b6fb810715d787217f5bef2c68f76212b8e
                                                                            • Opcode Fuzzy Hash: c548bd0be273e6df34ddb8ddfe165cf8d577d1c27edca7b0e0485c48ed63c309
                                                                            • Instruction Fuzzy Hash: 8D418C725083069ED311DF68D941B6BB7E9FF84B54F00096AFA90E7250E730DE098BA3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF9450, Relevance: .1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3fdd712a2fa0cfcb15263e76a605d83d9ed9224d7ed9c5f299158a8fb8885060
                                                                            • Instruction ID: ff63a32d4f3a911910b4e9d338e27f3f8cc4f3d4a7f1954b5297e4eb97d505d7
                                                                            • Opcode Fuzzy Hash: 3fdd712a2fa0cfcb15263e76a605d83d9ed9224d7ed9c5f299158a8fb8885060
                                                                            • Instruction Fuzzy Hash: 28415E31E002199BCB29DE9984807BB73F1EB64B56F2580EAFE458B340D7359F45C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B00100, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5f1fa48b8ebe8bbfba366901a618c0bd618abac4dbe07e676038b57eabcab580
                                                                            • Instruction ID: 9daae61a26455618ea804332e438a2f59d8f698ba1c1907873ab507e1d218cce
                                                                            • Opcode Fuzzy Hash: 5f1fa48b8ebe8bbfba366901a618c0bd618abac4dbe07e676038b57eabcab580
                                                                            • Instruction Fuzzy Hash: 49417731A55644CFCF51AF68CD907AA7BF0FF24355FA441E5E811BB2A2DB348944CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0B433, Relevance: .1, Instructions: 109COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                                                                            • Instruction ID: d7515b5bf9c26a2e5e48be2e053395ea7ad4eee9241046c54059438dc8f55abf
                                                                            • Opcode Fuzzy Hash: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
                                                                            • Instruction Fuzzy Hash: 5D41A032600644ABDB119BA8CC84FDEBFE9EF04750F1485E6E455A7392C774AE84CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF5210, Relevance: .1, Instructions: 107COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ff717d81480de347461592aeb974c931be94c911fdad6f267113dc4aa2311eb7
                                                                            • Instruction ID: e10533581b67843c059a865794515502fb7f1350d6716cad37a80e3d395f08a0
                                                                            • Opcode Fuzzy Hash: ff717d81480de347461592aeb974c931be94c911fdad6f267113dc4aa2311eb7
                                                                            • Instruction Fuzzy Hash: 54311432651A04EBC722ABA8C881BB677F5FF10761F214BA9FE550B1E1DB70EC44D690
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2A61C, Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3de09f6273294548997b2d8931bcb72f35ce32ed25e170cf1f644525661d4600
                                                                            • Instruction ID: fdb16c52f4d7253002d2d3f2412481f1ff6c5cc9c00bdb29222922f9b3e4e874
                                                                            • Opcode Fuzzy Hash: 3de09f6273294548997b2d8931bcb72f35ce32ed25e170cf1f644525661d4600
                                                                            • Instruction Fuzzy Hash: 15416A75A00225DFCB15CF68E890B99BBF1FB49314F1880A9E808AF355C774AD41CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B017B5, Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 094fbf04bb4441335e663feb1588b074b3638a15a289eeb2da0b65c306933ca8
                                                                            • Instruction ID: 5a34693aa57374e328e5579b48017df8c3f6f8fe52b48cc487712c758dee3c63
                                                                            • Opcode Fuzzy Hash: 094fbf04bb4441335e663feb1588b074b3638a15a289eeb2da0b65c306933ca8
                                                                            • Instruction Fuzzy Hash: A7416175A007289FDB25CF68DC81BAABBF5EF45710F1145E9F54CA7280DB309E448B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B77016, Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d15ab989af35000462376230d69b9b64760b928fb0bf7061a5f67358465b241b
                                                                            • Instruction ID: b678727e64cf53777041c1c4c40493e9cc0d21e99c33fdceb466ecfee56d1461
                                                                            • Opcode Fuzzy Hash: d15ab989af35000462376230d69b9b64760b928fb0bf7061a5f67358465b241b
                                                                            • Instruction Fuzzy Hash: BB31A8726087519FC311DF28C941A6AB7F5FF88700F058A69F86997791EB30ED04C7A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1C182, Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                            • Instruction ID: 7e7e5dbc5405ffa8df99e0666464985ee9c5e8057d898ebf52b86081b4a09b65
                                                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                            • Instruction Fuzzy Hash: 9A312671741546BAD704EBB4C481BEAFBE4FF52340F5441EAE41857242CB386995D7D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF8466, Relevance: .1, Instructions: 102COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 50ec351b8c456ad0de9217c599ae75b8445b29b31deb17abdb353d806f773c36
                                                                            • Instruction ID: b8b39842f942fd45fd561afd6b9af62bafd4a221c029b1349a5da6c53086cb65
                                                                            • Opcode Fuzzy Hash: 50ec351b8c456ad0de9217c599ae75b8445b29b31deb17abdb353d806f773c36
                                                                            • Instruction Fuzzy Hash: 7731D171240616DFCB21DFA9C841B6AFBF8EF10B40F1084A9F6459B251DFB8D940CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B75623, Relevance: .1, Instructions: 99COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ea57ebee8aa4dbfbb04f879b6819bc8b9435dac7fc59a29e94b31c0f61bd2f7d
                                                                            • Instruction ID: f8ea0c72ea2ab9026075086a11fda48be89df56813fbee931e70d7b9e3e06d86
                                                                            • Opcode Fuzzy Hash: ea57ebee8aa4dbfbb04f879b6819bc8b9435dac7fc59a29e94b31c0f61bd2f7d
                                                                            • Instruction Fuzzy Hash: BA318771645F819BE7365768CD89B6437E4EF01764F2843E0E9394B6E2DBA8DC40C210
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B253C5, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f388c5d0f63f021384a9b7c2473644ea647d3f05984d29705078d8d3a4efe04
                                                                            • Instruction ID: ddab04306438cf8fdd482bc94d38e391e3190b3147470dac8983d69f15931c01
                                                                            • Opcode Fuzzy Hash: 0f388c5d0f63f021384a9b7c2473644ea647d3f05984d29705078d8d3a4efe04
                                                                            • Instruction Fuzzy Hash: E1410630608B558FCB319B74D4517AFBAE2EF11308F1404AED09AAB341DB395945DBB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF381B, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c1600f45cb45b523b9e2c08ccd881fe10fb9e42032dcf5218e9525cd56622929
                                                                            • Instruction ID: 403c5720bbcf54b58479f908d45fce44c89113d3ba77d615ca6ece1e9d2efacb
                                                                            • Opcode Fuzzy Hash: c1600f45cb45b523b9e2c08ccd881fe10fb9e42032dcf5218e9525cd56622929
                                                                            • Instruction Fuzzy Hash: D0219372901619AFCB219FA9C841FAABBF8EF05750F1081A5FA14D7291D770DE41CBD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB080, Relevance: .1, Instructions: 97COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 16c98109714031d364d38efe0870adddc85e8429dbafe480884f65a36ce83ba6
                                                                            • Instruction ID: de3abb6d492bb74223e78d19f3823b4cb9ff4088fa7cea324887351387c479e5
                                                                            • Opcode Fuzzy Hash: 16c98109714031d364d38efe0870adddc85e8429dbafe480884f65a36ce83ba6
                                                                            • Instruction Fuzzy Hash: D0319C726102049FC721DF28C881A66B7F9FF89310F2046AAF9558B291DB31ED01CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF3880, Relevance: .1, Instructions: 97COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d44d9a5710d5ee31d2b82a903bd2e7078f26ce30c7a94c458c6e1d089c0077c6
                                                                            • Instruction ID: 98f5dd5c46146357760d3ddffa2d4b970bb104815a8f24f25726ab5abe126b9a
                                                                            • Opcode Fuzzy Hash: d44d9a5710d5ee31d2b82a903bd2e7078f26ce30c7a94c458c6e1d089c0077c6
                                                                            • Instruction Fuzzy Hash: 43319E72E01219AFDB21DFE9C880ABEBBF9EB08350F1145A5FA15E7250D6749F409BD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BBA189, Relevance: .1, Instructions: 96COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: da1063f8d803fd54bd041ee085277a9d9b42dcd2a479b17811d20bfd5e9e4ce5
                                                                            • Instruction ID: 07bc3868568e2cc96cc070cfca5c209c2cb624f923193a45c0f774deefa9c16b
                                                                            • Opcode Fuzzy Hash: da1063f8d803fd54bd041ee085277a9d9b42dcd2a479b17811d20bfd5e9e4ce5
                                                                            • Instruction Fuzzy Hash: 7131DF71E00606ABCB219F99D881BBABBF8EF55754F1000E9F505EB291DAB1DD008B92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2A70E, Relevance: .1, Instructions: 96COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e31dc320fd77a3962b4a2fa085269acc3a8d03b0605a113ccb169ca03662cc60
                                                                            • Instruction ID: a3af4a8485472abbee2beb62d378143db5667306844a627637a179bc5da2e9e6
                                                                            • Opcode Fuzzy Hash: e31dc320fd77a3962b4a2fa085269acc3a8d03b0605a113ccb169ca03662cc60
                                                                            • Instruction Fuzzy Hash: 4A31AFB16682919BC711CB28ECE1F6577F9FB84710F1409DAE0098B260DF709D41CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B261A0, Relevance: .1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 138f2f5862b02b785ec3d1bde6652f944d147fa86c77a4d3f1a891715063ea22
                                                                            • Instruction ID: dbfb8fcf52e8c27d9d5213e7799c528a02abca0a63a8138ffde68af7ee534d65
                                                                            • Opcode Fuzzy Hash: 138f2f5862b02b785ec3d1bde6652f944d147fa86c77a4d3f1a891715063ea22
                                                                            • Instruction Fuzzy Hash: CF318C716097118FD320CF19C940B26B7E4FB88B04F1549ADF9989B351EBB4EC04CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF6730, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ce79f774ccce6013706880ab11e60b603b52e1c619ecf6374c1dbec5c7120d5
                                                                            • Instruction ID: 3cd06bb139311b79fd753828cb62c18064542214b18bedd4452baddb551f1df1
                                                                            • Opcode Fuzzy Hash: 0ce79f774ccce6013706880ab11e60b603b52e1c619ecf6374c1dbec5c7120d5
                                                                            • Instruction Fuzzy Hash: 9431DC35601A09AFCB12AF64DA81BAABBF2FF84314F5054A5FD1147A61DB31EC30CB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004163C0, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 38%
                                                                            			E004163C0(signed int __ebx, signed int __ecx, void* __edx, signed int* __esi, long long __fp0, intOrPtr _a92) {
				signed int _t22;
				signed int _t23;
				signed char _t27;
				signed int _t28;
				signed char _t29;
				signed int _t42;
				signed int _t52;
				void* _t55;
				signed char _t56;
				signed int _t61;
				signed int* _t62;
				signed int* _t63;
				signed int _t74;
				long long _t82;

				_t82 = __fp0;
				_t62 = __esi;
				_push(__esi);
				_t55 = __edx + 1 - 1;
				asm("movsb");
				asm("salc");
				_pop(_t22);
				asm("smsw ebx");
				asm("cmc");
				_push(0x4e);
				 *((intOrPtr*)(__ecx + 0x38e0f450)) = 0x4852fd1;
				asm("scasb");
				_t23 = _t22 ^ 0x72394a60;
				 *(_t55 + 0x2eb5350a) =  ~( *(_t55 + 0x2eb5350a));
				asm("repe inc ebx");
				asm("xlatb");
				_t42 = __ebx ^ _t23;
				_push(__ecx |  *(__ecx + _t23 * 2 - 0x13));
				asm("les esp, [ebx+0x3e]");
				asm("fcom2 st6");
				_pop(_t61);
				asm("pushfd");
				do {
					_pop(_t56);
					asm("arpl [eax-0x150f9de5], sp");
					asm("cmpsb");
					_push(0x30dd8930);
					asm("ss stosd");
					 *0x8e840c80 = 0x30dd892f;
					_push(es);
					_t61 = 0x50f824cd;
					asm("fldcw word [edi+0x3f]");
					asm("cmpsb");
					_t27 = 0x20;
					asm("sbb eax, 0x8b818a71");
					asm("into");
					_t52 = 0x30dd892f |  *(_t62 - 0x33);
					_t74 = _t52;
					do {
						asm("int 0x85");
						if(_t74 != 0) {
							__eflags = _a92 - 0x4e;
							asm("out 0xbb, eax");
							asm("popad");
							_t61 = _t61 & 0xffffffc0;
							_t27 = _t27 + 0x72;
							asm("insd");
							_t42 = _t42 ^  *(_t56 - 0x48667700);
							__eflags = _t42;
							goto L9;
						} else {
							if(_t74 != 0) {
								goto L9;
							} else {
								goto L5;
							}
						}
						L12:
						asm("aas");
						_t29 = _t28 | 0x7c4dafa4;
						_t63 =  &(_t62[0]);
						asm("sbb byte [edi-0x75], 0xab");
						_push(_t56);
						 *(_t61 + 0x2d) =  *(_t61 + 0x2d) ^ _t29;
						asm("pushad");
						asm("retf");
						asm("wait");
						asm("retf 0x2639");
						asm("sbb al, 0x38");
						asm("pushfd");
						asm("xlatb");
						 *0xb83c5a67 = _t29 - 1;
						do {
							 *((long long*)(_t63 + 0x6b + _t52 * 4)) = _t82;
							asm("aas");
							_t63 =  &(_t63[0]);
						} while (_t63 >= 0);
						goto 0x391cb934;
						 *0xd4 =  *0xd4 - 0xd4;
						asm("adc dh, [edi]");
						asm("sahf");
						asm("salc");
						return 0xbadbac;
						L9:
						_t13 = _t27;
						_t27 = _t56;
						_t56 = _t13;
					} while (__eflags != 0);
					_pop(ds);
					_t28 = _t42;
					asm("adc [eax], edx");
					_t42 = (_t27 & 0x000000b3) + 1;
					__eflags = _t42;
					if(_t42 != 0) {
						L7:
						asm("salc");
						 *_t62 = _t52;
					} else {
						asm("outsb");
						asm("hlt");
						_t28 =  *0x3d4de0c3;
						__eflags = _t28 - 0x3f1e6f56;
					}
					goto L12;
					L5:
					_t28 = 0x1525a0ba;
					_t62 = _t62 - 1;
				} while (_t62 != 0);
				asm("in eax, 0xd4");
				asm("cmc");
				goto L7;
			}

















                                                                            0x004163c0
                                                                            0x004163c0
                                                                            0x004163c6
                                                                            0x004163cb
                                                                            0x004163cc
                                                                            0x004163cd
                                                                            0x004163ce
                                                                            0x004163cf
                                                                            0x004163d2
                                                                            0x004163d3
                                                                            0x004163d5
                                                                            0x004163df
                                                                            0x004163e0
                                                                            0x004163e5
                                                                            0x004163f0
                                                                            0x004163f2
                                                                            0x004163f4
                                                                            0x004163f6
                                                                            0x004163f7
                                                                            0x004163fa
                                                                            0x004163fc
                                                                            0x004163fd
                                                                            0x00416402
                                                                            0x00416402
                                                                            0x00416403
                                                                            0x00416412
                                                                            0x00416416
                                                                            0x00416417
                                                                            0x00416419
                                                                            0x0041641e
                                                                            0x0041641f
                                                                            0x00416424
                                                                            0x00416427
                                                                            0x00416428
                                                                            0x00416429
                                                                            0x0041642e
                                                                            0x0041642f
                                                                            0x0041642f
                                                                            0x00416431
                                                                            0x00416431
                                                                            0x00416433
                                                                            0x00416468
                                                                            0x0041646c
                                                                            0x0041646e
                                                                            0x0041646f
                                                                            0x00416472
                                                                            0x00416474
                                                                            0x00416475
                                                                            0x00416475
                                                                            0x00000000
                                                                            0x00416435
                                                                            0x00416435
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00416435
                                                                            0x00416499
                                                                            0x00416499
                                                                            0x0041649a
                                                                            0x0041649f
                                                                            0x004164a0
                                                                            0x004164a4
                                                                            0x004164a5
                                                                            0x004164a8
                                                                            0x004164a9
                                                                            0x004164aa
                                                                            0x004164ab
                                                                            0x004164ad
                                                                            0x004164b8
                                                                            0x004164ba
                                                                            0x004164bb
                                                                            0x004164bf
                                                                            0x004164c5
                                                                            0x004164c9
                                                                            0x004164d9
                                                                            0x004164d9
                                                                            0x004164df
                                                                            0x004164e4
                                                                            0x004164e5
                                                                            0x004164f6
                                                                            0x004164f7
                                                                            0x004164f8
                                                                            0x0041647b
                                                                            0x0041647b
                                                                            0x0041647b
                                                                            0x0041647b
                                                                            0x0041647b
                                                                            0x0041647e
                                                                            0x00416481
                                                                            0x00416482
                                                                            0x00416484
                                                                            0x00416484
                                                                            0x00416485
                                                                            0x00416443
                                                                            0x00416443
                                                                            0x00416444
                                                                            0x00416487
                                                                            0x00416489
                                                                            0x0041648f
                                                                            0x00416490
                                                                            0x00416495
                                                                            0x00416495
                                                                            0x00000000
                                                                            0x00416437
                                                                            0x00416437
                                                                            0x0041643c
                                                                            0x0041643c
                                                                            0x00416440
                                                                            0x00416442
                                                                            0x00000000

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213378752.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c4edd17907fc2ff8809a83d2d477c8567b2dc59e277f6203a5407f8b8ce9c6c7
                                                                            • Instruction ID: 4541a61a756cd2c5ab3c1d0790e5c48f1094265a1db0d08209c18fd0a4958647
                                                                            • Opcode Fuzzy Hash: c4edd17907fc2ff8809a83d2d477c8567b2dc59e277f6203a5407f8b8ce9c6c7
                                                                            • Instruction Fuzzy Hash: 7221117A0161824FD313CA2CDD825DBBF74F941314765538AC8C187583C316E887C39A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF78D6, Relevance: .1, Instructions: 91COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                                                                            • Instruction ID: cb916554201a0282f86230fc60dde3b312c945020c57834e404f858af76fdbcb
                                                                            • Opcode Fuzzy Hash: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                                                                            • Instruction Fuzzy Hash: AD3127B2605504AFD711CF58CC81B6AB7FAEF46710F1840E9B948CB352D635DD41CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2E730, Relevance: .1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 98eb282b4d680b1c299f360c54cb92d373c3c821f7de87f484c27642d61f6e88
                                                                            • Instruction ID: 83c602d6f136f59b503d3ced25f1d086a7838777f1b828915275102ae7132d03
                                                                            • Opcode Fuzzy Hash: 98eb282b4d680b1c299f360c54cb92d373c3c821f7de87f484c27642d61f6e88
                                                                            • Instruction Fuzzy Hash: 55316B75A14249AFD744CF69D881F9ABBE8FB09314F1482A6F918CB351D731ED80CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2D715, Relevance: .1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 446c9dedb9c1a9153563e5c51f0489f9a265362357ab40cd9362941a3b1148d9
                                                                            • Instruction ID: 3ec18b9c3d8e04388965988a67dd4b1557661048ddb39b0c8855d395ae6fd83b
                                                                            • Opcode Fuzzy Hash: 446c9dedb9c1a9153563e5c51f0489f9a265362357ab40cd9362941a3b1148d9
                                                                            • Instruction Fuzzy Hash: 6431BCB26082559FCB01DF28E880A5A7BE9FF89710F0005A9FC55D73A1DB34DC44CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF9100, Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2cf9ed70e0af55fdf801f4b663089183f00f9926eb08b7545b818d145893ca75
                                                                            • Instruction ID: 8243c998a1ff5f9f27c729dbc78231346aec731c0f70aff40036ab0825e2a79a
                                                                            • Opcode Fuzzy Hash: 2cf9ed70e0af55fdf801f4b663089183f00f9926eb08b7545b818d145893ca75
                                                                            • Instruction Fuzzy Hash: 3A310871A0068ADFDB61DFE8C488BBEB7F1BB48310F1482A9E50867351C734AD80CB55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2F527, Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                                            • Instruction ID: e0a8facaf1329b1d07357d06118d776adc837d3d15f269e5cee7f38ccccc1a80
                                                                            • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                                            • Instruction Fuzzy Hash: 3B317631600659EFD721CF68D881FAAB7F8EF44350F2045B9E8198B291EB70EE41CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB233, Relevance: .1, Instructions: 85COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: edd72d1fdc9b1ad1002d7185e68ac80bf48ffb06c1d34823f291d5cc80e00705
                                                                            • Instruction ID: 7cfde56a0451deb1c179cda9006175b6ff8ad79f6b6a23d400f9f7265f1532d8
                                                                            • Opcode Fuzzy Hash: edd72d1fdc9b1ad1002d7185e68ac80bf48ffb06c1d34823f291d5cc80e00705
                                                                            • Instruction Fuzzy Hash: 36213632350245AFCB39AFA5C882ABEB7F9FF15740F1040B8F20587251DB319C40CA94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B10050, Relevance: .1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 310ba25d796a6e9f666391db52e3c4883b4071e66abf8ed6e26c875d36c65203
                                                                            • Instruction ID: 91515e980830e6713ec12c1c61a5895d824e3e2e4ba2c471eb48e76dc540714a
                                                                            • Opcode Fuzzy Hash: 310ba25d796a6e9f666391db52e3c4883b4071e66abf8ed6e26c875d36c65203
                                                                            • Instruction Fuzzy Hash: 76318D31611B04CFD725DF28C885B96B3E5FF88714F2445ADE49AC7AA0EB75AC41CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BCF1B5, Relevance: .1, Instructions: 78COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b23936c3c686bb1b48c761300e88bca6ba03397cf3a308676b06888ec5899a58
                                                                            • Instruction ID: 2c1e1b9b9db016594c137ebb3873223070bfeb609e6346595e32b17d7570936d
                                                                            • Opcode Fuzzy Hash: b23936c3c686bb1b48c761300e88bca6ba03397cf3a308676b06888ec5899a58
                                                                            • Instruction Fuzzy Hash: 3C21CF7AA00516ABDB219F89D884FAABBF6EF45710F1180F9F9049B250D730AD50CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B390AF, Relevance: .1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                            • Instruction ID: 2075c5244fde72c7c404fb082c64b9e99aa4a346ac2dcbabc5b7778317015562
                                                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                            • Instruction Fuzzy Hash: AD218E71A00605EFDB20DF59C884EAAF7F8EB54310F2488AAE999A7210D370ED40CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B86652, Relevance: .1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d29c71a3e29a2f6ca9992847962cf302947bbfdb8060120a805c9c2338dd0c09
                                                                            • Instruction ID: 7ad0119c0ecc6c4837cc0819f306628fe5ee71fa6cf1847916138efe95528305
                                                                            • Opcode Fuzzy Hash: d29c71a3e29a2f6ca9992847962cf302947bbfdb8060120a805c9c2338dd0c09
                                                                            • Instruction Fuzzy Hash: B021C376A00711ABD6256E289C45761B7E4FB1137CF1503A5EC20936F1D772EC90C7E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B028AE, Relevance: .1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2339c4f33dd9b87cdb9de4abbc25fc6e232aa0ea6899f596258a1e9c45cd357e
                                                                            • Instruction ID: 2a99f4ba089d0d0eb5725a57d6d84be2dfb7500dff5a80fecef17f55de77ea3b
                                                                            • Opcode Fuzzy Hash: 2339c4f33dd9b87cdb9de4abbc25fc6e232aa0ea6899f596258a1e9c45cd357e
                                                                            • Instruction Fuzzy Hash: 5821D475789B809BE722976C9C48B243BE4EF05774F2842E0FD219B6E2DF689C448210
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC070D, Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                            • Instruction ID: bb37fa21691782f39f0459bec38fe4df3714c45e1a037da93cb63f644484fb5d
                                                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                            • Instruction Fuzzy Hash: A321F5362042049FD705DF18C880FAABBE5EFC4750F0485ADF9959B382DA30ED09CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF519E, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5dd9d3f6f21abe3cdb8bef1629fae43d3597312a5e2c71b3a067ce5c40f2e59e
                                                                            • Instruction ID: 40d03b8e1a734db05432a040069e3fa10c94fc22d01b81752695bdfdc19c3586
                                                                            • Opcode Fuzzy Hash: 5dd9d3f6f21abe3cdb8bef1629fae43d3597312a5e2c71b3a067ce5c40f2e59e
                                                                            • Instruction Fuzzy Hash: 33110635901605ABCB20BFB9C541BBABBF5EF16710F2407EAFA4697680D631EC85C650
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B8D1F9, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7e6d3e10d19d6cc3fac0a952f31e7f00204c39b4d471431d557cb4fe4f0dd64c
                                                                            • Instruction ID: 6225342587925d29cd5ed2602c79773e9f10bb02da9d49bf8cfe0bf4d0cc4688
                                                                            • Opcode Fuzzy Hash: 7e6d3e10d19d6cc3fac0a952f31e7f00204c39b4d471431d557cb4fe4f0dd64c
                                                                            • Instruction Fuzzy Hash: 21212972A00209FBDF11AF94D840FAEB7F9EB88321F204496F954A72A1D635DD51DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B77794, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f4afbc5ecc01bac46e6c5687a14f1f01dcd0ece88cfa7fa409f3debb3c169c64
                                                                            • Instruction ID: 845a977c034d248c816c370d227b52fbc94fa4140e39ffba3726c3272a617e58
                                                                            • Opcode Fuzzy Hash: f4afbc5ecc01bac46e6c5687a14f1f01dcd0ece88cfa7fa409f3debb3c169c64
                                                                            • Instruction Fuzzy Hash: CE219D72944604AFC725DF69D894EABB7F9EF48340F1045A9F51AC7750EA34ED00CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF12D4, Relevance: .1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                                            • Instruction ID: 0d48ae7aba77a8406f3242cdcfa4573a0dbeb03b5017af027aedf86022de561e
                                                                            • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                                            • Instruction Fuzzy Hash: 3511D072600609EFD7219F94D841FAAB7B8EB84790F204169FB058F550D671EE449B54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B212BD, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0a1b31ef0a284c4fd35f55ac893780234bda501e42eef3386dcec01f376214f2
                                                                            • Instruction ID: 0a09da247f17b0a96c5118dd952ff84e987887f8fa3e3e4e2a29a8489b7d0cda
                                                                            • Opcode Fuzzy Hash: 0a1b31ef0a284c4fd35f55ac893780234bda501e42eef3386dcec01f376214f2
                                                                            • Instruction Fuzzy Hash: 64213871600A50EFD734CF6DD881BAAB3EAFB58350F1088ADE59EC7651DA30AC40DB64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF9240, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ddb69db7f48dc6f42f0513cfe5c83f6dab44b1f39bb5710a6b9a906276d68132
                                                                            • Instruction ID: faf3019c457461446005a5f256c254fef6bd8d14740b61d5c5d0bb19ff087b40
                                                                            • Opcode Fuzzy Hash: ddb69db7f48dc6f42f0513cfe5c83f6dab44b1f39bb5710a6b9a906276d68132
                                                                            • Instruction Fuzzy Hash: EE213632040A44DFC722EF68CA41F6AB7F9EF18704F1445A8B1098B6A2CB35E981CB84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2B390, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 258bde48248c06c87e92f6e94e15616ae8b30f71e47b29238d0e085aba1e1298
                                                                            • Instruction ID: f82649221beea29d5cba4d563d0590bdfb4e70c66825ef4ad1a4e6e70036a104
                                                                            • Opcode Fuzzy Hash: 258bde48248c06c87e92f6e94e15616ae8b30f71e47b29238d0e085aba1e1298
                                                                            • Instruction Fuzzy Hash: DF116B333051209FCB29DA159D81A6B73D6EBC5330B3441B9ED1AE7380CE359C02C6D9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF3138, Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                                            • Instruction ID: cf59b500b116957e7c5cfea4e8b9e9d2f90753537fae963585d3fe38c9364166
                                                                            • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                                            • Instruction Fuzzy Hash: 3C11D371900308EFDF25CBA0C804F76B7F5EB85314F2086E9E5019B240EB71AE02DB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B84257, Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3f7a19b68ce9a1c645ac5357d93dd620de77272e17d88c877cfd63006d6fbf2e
                                                                            • Instruction ID: 2b9279404277ce1f5d45168d841407458f400559efe618bbe6a9d1337167c3b9
                                                                            • Opcode Fuzzy Hash: 3f7a19b68ce9a1c645ac5357d93dd620de77272e17d88c877cfd63006d6fbf2e
                                                                            • Instruction Fuzzy Hash: 01215670514A46CFCB24EF64D980A18BBF1FB85314B2082EEE1198F2B1EF31D881CB02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B22397, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fc0f502fb51848aacd2a9187528beb49f16050647a0ca48db7b4aec3d9307bc7
                                                                            • Instruction ID: 223b3f5b89ba390dd0d010f33983923a81beb8b76ce74adf67a0d915b832f6e4
                                                                            • Opcode Fuzzy Hash: fc0f502fb51848aacd2a9187528beb49f16050647a0ca48db7b4aec3d9307bc7
                                                                            • Instruction Fuzzy Hash: B81108326447517FD720AB29BC81B25B2D8EF50710F1484A6F60EDB2A1CE78E8818758
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B746A7, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                            • Instruction ID: c900e4b6673a39182e11fc917343a1d04537583a07db91bf7379bc1488961d50
                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                            • Instruction Fuzzy Hash: 5B11C272904208BBC7059F5CD8818BEB7F9EF99304F1080AAF94487351DB318D55D7A4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA63B, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37e20149a53c51955d012c17ff7d14c48cc9fb8fcf4b3873d74e6d44a8a8b3b4
                                                                            • Instruction ID: 77c9187644083748144d1423ba1739501185cb4b9bd18c32bf4770667b647faf
                                                                            • Opcode Fuzzy Hash: 37e20149a53c51955d012c17ff7d14c48cc9fb8fcf4b3873d74e6d44a8a8b3b4
                                                                            • Instruction Fuzzy Hash: 77118F7B510AC2AAC7358F58EDC1A6133B5FB54B99BA40064E908EF3B1DF358C81D364
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B028FD, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fa3d94d0a1c907636d5fefdb8c3dd595b067d259b5fd28d9bd352dce707a7a3b
                                                                            • Instruction ID: f75387b773a55d956a268c3c181fe69d0f2dc8137638eb0d6d1cbf73ac277e97
                                                                            • Opcode Fuzzy Hash: fa3d94d0a1c907636d5fefdb8c3dd595b067d259b5fd28d9bd352dce707a7a3b
                                                                            • Instruction Fuzzy Hash: BE112635388680ABE3219369ED89F263BE8EFC5B50F1440F5BD419B2D1DEA4DC04C165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B337F5, Relevance: .1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bee8d127d7f368213dc88d7c544205844b621400666b76b419af541d4f176b60
                                                                            • Instruction ID: d5ed2727330ac91a95fd14cf43bcb56acf068ea8b9a7650dba23d709f79657e5
                                                                            • Opcode Fuzzy Hash: bee8d127d7f368213dc88d7c544205844b621400666b76b419af541d4f176b60
                                                                            • Instruction Fuzzy Hash: 9E01D2B2A45611ABC3378B1A9940E2BBBE6DF95F60F3540E9F9498B211DB30CE41C7C0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC98FE, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f01069bf61ec56b49909b8355252b6947888ac24265097709ff5fdbc5c6fb7eb
                                                                            • Instruction ID: 5edae46a5a0b5060e68071d08ad8e81df90e41b1d0315536dd65f83a04321d36
                                                                            • Opcode Fuzzy Hash: f01069bf61ec56b49909b8355252b6947888ac24265097709ff5fdbc5c6fb7eb
                                                                            • Instruction Fuzzy Hash: 8D11A930A00605DFDB28EF98C585BAEB7F5AF04710B6085CCE405AB352CBB5AC81CF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2002D, Relevance: .1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                            • Instruction ID: 41df7f9eeb897afe563ce0910b84dad8c4e0b2482702262ba50c18ce6d3fefa9
                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                            • Instruction Fuzzy Hash: 3F110472615A948FE722AB28E984B363BE4EF41754F1D00F0ED0887693DB2CCC81C760
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA745, Relevance: .1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a942c302f636061c1d315ab4ffa59c97c8cc97d739084e495e95c93937d071cc
                                                                            • Instruction ID: c525f5e9166bf3d174efa566518eca4ff5fe380d66a01a5299a65134b6b75cf7
                                                                            • Opcode Fuzzy Hash: a942c302f636061c1d315ab4ffa59c97c8cc97d739084e495e95c93937d071cc
                                                                            • Instruction Fuzzy Hash: 8C01C0722412069BC320EB69EC41F6AB7F8EB41325F1442EAF5088B392CE38DC45C7D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF86A0, Relevance: .1, Instructions: 54COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
                                                                            • Instruction ID: 30b8926186806857a1ff0ce1ce4b8a7f47572ba7a44600cfd0015c78be960190
                                                                            • Opcode Fuzzy Hash: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
                                                                            • Instruction Fuzzy Hash: 45114972505B199BCB309F59D840B72BBF4FF55760720856DF995CB680EB38D800DB64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0766D, Relevance: .1, Instructions: 54COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                            • Instruction ID: 8aaeb9b22207f9f3c25ed2e5dd231c0eed26362987d7db57adc435e4cd382699
                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                            • Instruction Fuzzy Hash: 68017572B44519ABC720DE5EDC41E5BBAEDEB84760B2445B4B909CF290DE32ED0197A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF9080, Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 92e5cf85010c215bdd27ae9b55ff5ea62cf5d52672963c1ddb3f7786d2309d5b
                                                                            • Instruction ID: 1e8a0ef5fed56c9a8e02b8ffffc39b2385cdbf25bb9150a4c288aa0d162348c0
                                                                            • Opcode Fuzzy Hash: 92e5cf85010c215bdd27ae9b55ff5ea62cf5d52672963c1ddb3f7786d2309d5b
                                                                            • Instruction Fuzzy Hash: 2B01FF72601A088FC3259F09D880B22BBF9EB85324F2140B6F2068F7A1CB74DC81CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B8C450, Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                            • Instruction ID: b50429de916f83b36c67769b1b3fcb79f70955d4b8f20f0cd1e17f8c52506285
                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                            • Instruction Fuzzy Hash: B701C0B2180605BFD622AF65CC81EA2BBADFB54790F154165F114426B0CB31ACE0CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF8190, Relevance: .1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dcd48015a680727a273efd6b12749b475cbf1055f74c7fb8418cbe1bcf60fbb8
                                                                            • Instruction ID: 336929de6f17d72cfb63a6ad10634f40aa7250a6fd808cc71419f02331e5ab11
                                                                            • Opcode Fuzzy Hash: dcd48015a680727a273efd6b12749b475cbf1055f74c7fb8418cbe1bcf60fbb8
                                                                            • Instruction Fuzzy Hash: 2301D873141608ABC3319B91CC40EB7B7EDEB81760F254269F6294B281DF34ED42C794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC4015, Relevance: .0, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 97a92f8051ae0fa9ab302469abe3bc5a74fa71da01add4160fb6da97cccde395
                                                                            • Instruction ID: 4d74422e24a5294d907a0f1cc2db298cd435e91e7b84c21b31f2027ea235f506
                                                                            • Opcode Fuzzy Hash: 97a92f8051ae0fa9ab302469abe3bc5a74fa71da01add4160fb6da97cccde395
                                                                            • Instruction Fuzzy Hash: DB018F722419457FC221AB79CE81E67B7ECEF45760B0002A9B60883A52CF34EC51C6E4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF31E0, Relevance: .0, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                                            • Instruction ID: f2a9c849f93d6dcc83b8c17ec4c88a164bb94bb76195c46ba38ff8bae34a9d64
                                                                            • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                                            • Instruction Fuzzy Hash: 7101F132240709EFDB22E6A6D940AB773E9EFD1714F14446ABB468B511EE30EA01DB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF70C0, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                                            • Instruction ID: 2cc9caa69fbc1e6dfdff068d659c5b1a0022e6804a9a052b93e7676850f62b51
                                                                            • Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                                            • Instruction Fuzzy Hash: 6B118732454B02DFD7329F55C880B26B7E1FF10722F1588ACEA994B5A2CB78EC81CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B83019, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 991cfa992c1a5cfe5cc8327b37a2361107759f9801351db97dd3c9d7aaa64241
                                                                            • Instruction ID: a8d94506c8a2ef003c05e55aa879461f706ee64c4262e2508707ae7bfb17d4b1
                                                                            • Opcode Fuzzy Hash: 991cfa992c1a5cfe5cc8327b37a2361107759f9801351db97dd3c9d7aaa64241
                                                                            • Instruction Fuzzy Hash: C21161B1A197089FC704DF69C84295BBBF4EF99710F00455EF958D7361E670E900CB96
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB138A, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1ae4c3b24b5bfbbebde27d408205f0f6f21c3c6726cfa69fe343b39e1799de35
                                                                            • Instruction ID: 0634cb3d240a2e0a83b3176fd6125dca6196280b77708ac991eba29e189a7277
                                                                            • Opcode Fuzzy Hash: 1ae4c3b24b5bfbbebde27d408205f0f6f21c3c6726cfa69fe343b39e1799de35
                                                                            • Instruction Fuzzy Hash: B9015671E00258AFCB14DFA9D842EAEB7F8EF44710F5040A6F904EB241DA749A41C795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB14FB, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37f631bab7f288be94ea516916caedb408f72449b5c11295a527cd7c0134baff
                                                                            • Instruction ID: 86893086d80fa6117889d017af4e3c9b854b1a5fbf63c5ee649fbcc319121bab
                                                                            • Opcode Fuzzy Hash: 37f631bab7f288be94ea516916caedb408f72449b5c11295a527cd7c0134baff
                                                                            • Instruction Fuzzy Hash: E0019271A00248AFCB14DFA8D842FAEB7F8EF44700F5040A6F914EB281DA70DA00CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC8450, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                                            • Instruction ID: dba522a12a4b49657cd3f288c71ffd25f641ea547cdf9a5268ead501d748a0ca
                                                                            • Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                                            • Instruction Fuzzy Hash: 900171322006029FD7299A65E845FA6B7EAFFC5710F04489DE5468B750DE70F840CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB18CA, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f30ca4e0870709e3bb9ba05075d703351f2827528558be671f233c9d593af53a
                                                                            • Instruction ID: 0d47cee1698cc5d9ee0573db6f6c7e28acdbbb2efb2ca9019b356e592c93cd2e
                                                                            • Opcode Fuzzy Hash: f30ca4e0870709e3bb9ba05075d703351f2827528558be671f233c9d593af53a
                                                                            • Instruction Fuzzy Hash: 91019271A01648ABC704DFA9D846EAEB7F8EF44710F5040A6F945AB381DA749A01C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB1843, Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 852f9e83c649ce40db3c81302800ba85c6b0fd7eab5776b28fe98d344882078e
                                                                            • Instruction ID: 141c67fb6a2e449ea85a169379ddea7404950ca8f91791b62869e7c7fce388ce
                                                                            • Opcode Fuzzy Hash: 852f9e83c649ce40db3c81302800ba85c6b0fd7eab5776b28fe98d344882078e
                                                                            • Instruction Fuzzy Hash: 8A019271E01248ABCB04EFA8D846EAEBBF8EF44710F1040A6F904AB381DA749A00C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF95F0, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                                                            • Instruction ID: 271c95fa4b3e13a7b73832beaa058c5776f7eb41adccf1eeb8d5943d69098c87
                                                                            • Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                                                            • Instruction Fuzzy Hash: AD012F72A00248ABD7609B98C800F3A73E9DB81B20F204199BE05CB290EB34ED048B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF58EC, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 29b74fcf5054aea05fb1b0c683362eb1ba2fa8230db6d4d62bb2d6ac5c1682ca
                                                                            • Instruction ID: b11b17c8ee9602a159e5de44296fd97f1288af047890edc4f1986acc14c29057
                                                                            • Opcode Fuzzy Hash: 29b74fcf5054aea05fb1b0c683362eb1ba2fa8230db6d4d62bb2d6ac5c1682ca
                                                                            • Instruction Fuzzy Hash: AF01DF31E00908DBC718EBB9CC91ABE77E8EF44360F5440A9BB1A9B341DEA0DD018694
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0B02A, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                            • Instruction ID: 7b5859d8b7b71f465cad742d038d8e7c243276afa1b68d5501aa04dfabf16898
                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                            • Instruction Fuzzy Hash: 7E018F722049849FD326871CC988F677BE8EF45750F0940E1F919CBA91EB38DC80C621
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC1074, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c175593a6f1294d60ea1dcaabceb3a88f4817f028c1e2fe8ad03bf765b4045c4
                                                                            • Instruction ID: da9c35bb0524662d194907e30c0741274711a3481865b945d7f7d135fe1a48b3
                                                                            • Opcode Fuzzy Hash: c175593a6f1294d60ea1dcaabceb3a88f4817f028c1e2fe8ad03bf765b4045c4
                                                                            • Instruction Fuzzy Hash: 160128725047819BC710DB6CC941F5A77E5EF85310F048AADF88593292DE30D880CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB129A, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e0313ea0aa0422ae6e496378f8706c0484cd50ce9c7489ec69bcbdcb388cd98e
                                                                            • Instruction ID: 3c53efb919dc20a5f7d2785a623cb530987cc991d7a141dd823f4df87645b29c
                                                                            • Opcode Fuzzy Hash: e0313ea0aa0422ae6e496378f8706c0484cd50ce9c7489ec69bcbdcb388cd98e
                                                                            • Instruction Fuzzy Hash: 7E018471E00258ABD714DFA9D846EBFB7F8EF44700F5040A6F905EB281DAB4D900C794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB1751, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 869064efac77f31beda434a537e970dd8576e7314eeea71a636cc3908099ae69
                                                                            • Instruction ID: 5e1b39df90a94bbce2914317d23b8d20e1c461948170d63e1889d2ce31af5ff0
                                                                            • Opcode Fuzzy Hash: 869064efac77f31beda434a537e970dd8576e7314eeea71a636cc3908099ae69
                                                                            • Instruction Fuzzy Hash: A5018471E11218EBD710DFA9D846EAFB7F8EF84700F5040A6F905EB281DAB49900C794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF7057, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 124f430c133a10fbf784820bcd1a96a0a230464cdbb2d4f0144824f0dcde94c9
                                                                            • Instruction ID: d850f28d7ecfd893a7c415469cfd14c094a658c8a3ab5e7e46851c049612d295
                                                                            • Opcode Fuzzy Hash: 124f430c133a10fbf784820bcd1a96a0a230464cdbb2d4f0144824f0dcde94c9
                                                                            • Instruction Fuzzy Hash: 61018B31204648ABD725DF98DD06FABB7F9EF44710F1001ADF90593191CBA1AA04C695
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB1E1, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                            • Instruction ID: 89287cc78d1594e16c393dce671c4b5f9b30ec38209f0441f52fbc5b0c9de225
                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                            • Instruction Fuzzy Hash: FC01D6322945849BD3229759C804FA97BF8EF41754F0840E1FE148B6B2EB74CC40C224
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB1229, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e3638384fcf3ba0dba3c6677f88bc293d5aee4ca7a8c4955c452fb07a8c6cbdf
                                                                            • Instruction ID: fca8a15809540b7a6a60088b0989ca2e9a70fb7135fb5203a7d479f8ab0100db
                                                                            • Opcode Fuzzy Hash: e3638384fcf3ba0dba3c6677f88bc293d5aee4ca7a8c4955c452fb07a8c6cbdf
                                                                            • Instruction Fuzzy Hash: 5701D631A00608ABDB04DFA9C8069EEB7B8EF04310F008096F510EB291DA7099008790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF1480, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                                            • Instruction ID: e24f2ae8fdee45cde8beb18a442c44bd4232d950f873308610fd00d6de1e62c2
                                                                            • Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                                            • Instruction Fuzzy Hash: 24F08C76B01108ABCB25DB89C941EBEB7BDEBC4700F1401AABA05E7740DA30AE0197D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB17D2, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 01a515e6b2fbc7cf6077d57d2e30ef688a3d8f18f81295b3c0fb4832a8947935
                                                                            • Instruction ID: 3aa66cd30d957ee5fe6b00d6eea86fa810690e1645cb4e5cf6f1e448de7d39c7
                                                                            • Opcode Fuzzy Hash: 01a515e6b2fbc7cf6077d57d2e30ef688a3d8f18f81295b3c0fb4832a8947935
                                                                            • Instruction Fuzzy Hash: 9701F432E00648ABD704DFB9C8069EEB7F8EF08310F4080EAF511EB281DEB099008790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF3591, Relevance: .0, Instructions: 41COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                                                            • Instruction ID: cd48debbac761c353a501998b4d290415997b8b0933088061196860c571c634b
                                                                            • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                                                            • Instruction Fuzzy Hash: 5BF0AF72A01218AFEB14DBE98851BBAB7A8DF84710F1481A5FA01D7241DA71EE808690
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB131B, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 188528160fcc84e8c11cab6facdf0c79b058b6d3388338f80391c9bbc00925f3
                                                                            • Instruction ID: 1b1ccb2c3362471751aed7e7cf9e4215ef449e86ae2a08cbb052c947ab505857
                                                                            • Opcode Fuzzy Hash: 188528160fcc84e8c11cab6facdf0c79b058b6d3388338f80391c9bbc00925f3
                                                                            • Instruction Fuzzy Hash: 7C013C71A0564CAFCB04EFA9D546AAEB7F4FF08700F5040A9F905EB392EA74DA40CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB1608, Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 619132e809084e73d4dd9bff5749988929bd4a63dfaac0dba8dce34c2f682aef
                                                                            • Instruction ID: 3c09a8780dac2e46f751c5eefda0237600cd2818d518ac3387a90948fae93e1b
                                                                            • Opcode Fuzzy Hash: 619132e809084e73d4dd9bff5749988929bd4a63dfaac0dba8dce34c2f682aef
                                                                            • Instruction Fuzzy Hash: 77F06271E04648EFDB04DFA8D446EAEB7F4EF04300F5440A9F915EB391EA749900CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1C577, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e4598296bf8d211088f368a2bf0b57d02021f7999e8db2373842a127693483f9
                                                                            • Instruction ID: d79809bf9537a435e973feb188c73a801bf326fa06e2fe49bc100d2de73262b2
                                                                            • Opcode Fuzzy Hash: e4598296bf8d211088f368a2bf0b57d02021f7999e8db2373842a127693483f9
                                                                            • Instruction Fuzzy Hash: DDF09AB29956909ED731C7288046BA2BFEBDB25778FD484EBE40687642C7A4FCC0C354
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BB2073, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f817bd9f9305e343633d2e64928b837a1e3d2c52730a160207de2ae839a8cace
                                                                            • Instruction ID: 66b474729f85e45e49ede428fa97769d5d46475f7bf156e3667fb28d7e49713e
                                                                            • Opcode Fuzzy Hash: f817bd9f9305e343633d2e64928b837a1e3d2c52730a160207de2ae839a8cace
                                                                            • Instruction Fuzzy Hash: 96F0A06A4159C68BDF327B2869522F13BD4D756350F9904D6EC985F202CDB48C83CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3927A, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                            • Instruction ID: 226771560708ffd11282db4eeb6281234ecdf72c12dfe57eeaf0280795c9f54c
                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                            • Instruction Fuzzy Hash: 9FE02232340A003BE721AE4ACC81F5337EDEF82720F1040B8B9041E283CAF6DC088BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1746D, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b23cc48772e4bf8a1d149d9f001dc9306ceaaea0e1ac6dd65a59b1b58b23a0d4
                                                                            • Instruction ID: 71e2bb27c1806baacb77cb65c2c8fa808e757186aeb7bbbf7507b7fa5e4cb2db
                                                                            • Opcode Fuzzy Hash: b23cc48772e4bf8a1d149d9f001dc9306ceaaea0e1ac6dd65a59b1b58b23a0d4
                                                                            • Instruction Fuzzy Hash: 06F0E93458C145AACF0197A8C481BF9BFF1EF14310FA405D5E851A72A1EF64DC80C785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF354C, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d94b946c0b6175521fcbf3b7129af97c41af203d36a12df5f5cab2e94bafd89b
                                                                            • Instruction ID: 8b066da391cf5f1ac3f3e07136f593f34354088dfa07a1bc0ef2b2f88d452cfe
                                                                            • Opcode Fuzzy Hash: d94b946c0b6175521fcbf3b7129af97c41af203d36a12df5f5cab2e94bafd89b
                                                                            • Instruction Fuzzy Hash: C3F0EC3299228AAFC720D328C000F32BBD8DB01731F2540B5F805C7A22C768DE80D2A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB540, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bd799a432e2f64f7d83c27dd030e23fbae6994240cf0d3f0f1f11ad70090e808
                                                                            • Instruction ID: 897f60b8b26247632693fd67ff320b6158e1eecd3ac348d4c99b5dea72477e5e
                                                                            • Opcode Fuzzy Hash: bd799a432e2f64f7d83c27dd030e23fbae6994240cf0d3f0f1f11ad70090e808
                                                                            • Instruction Fuzzy Hash: BEF05E311205898FCB268B58C941F35B775EB51720F5542A8F9268B5E2DB38DD41C7D4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2A44B, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f721f4e91aa380ceefe7dba88a3b7909299582bbe28119d32c2386306d23bd20
                                                                            • Instruction ID: d2d9a454fa57d6251381cee562982c3453b69317df29fdba2feb6d576ac26575
                                                                            • Opcode Fuzzy Hash: f721f4e91aa380ceefe7dba88a3b7909299582bbe28119d32c2386306d23bd20
                                                                            • Instruction Fuzzy Hash: 1AE09272A41422ABD2115B58BC81F6673EDDBD5755F1940B5F508C7220DA68DD01C7E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFF358, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                            • Instruction ID: f337dc3f72ea97e38973a5430fe5083fe75cebd9244dc978bde67b24a863d29d
                                                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                            • Instruction Fuzzy Hash: 09E0D833A40128BFCB2196D99D06FAABBBDDB44B60F0001A5BA04DB150D5709D40C2D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF15C1, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                                            • Instruction ID: 5b99ccdaf2f7740b8258301dfb3e12cd96fd32c045ccc62d930986f69e92d96f
                                                                            • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                                            • Instruction Fuzzy Hash: 87E0223120028AD3DF31AB84C501FB6B3A9EFE1700F108071FA028F182DAA0EC81E3D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B24710, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                                                            • Instruction ID: bc35198e95a1f75a7c43442162ec37570ef425e70621438582a71a45aed90463
                                                                            • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                                                            • Instruction Fuzzy Hash: A4F0A9BA3083109FCB05CF15E080AA53BE8EB46360F1400E4E8568B321DB35EC81CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B1E760, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a797ebcba2112cd1d3af4aad2f2315298aeafbf05647b2a8a4261aaedeb41178
                                                                            • Instruction ID: 49e5bb7986dbaddd1e6bcd8925282e86336d991facadbdc7cfb971c7133d3ca9
                                                                            • Opcode Fuzzy Hash: a797ebcba2112cd1d3af4aad2f2315298aeafbf05647b2a8a4261aaedeb41178
                                                                            • Instruction Fuzzy Hash: 0FF0E531554AA4EFE721D768C044F22BBD8EB15774F5444E9E605C7551C778DC80C260
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B841E8, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ab962b11e86066dfa9e4040349aca32ba6762c4f20f72f7a4d57c37c540d32ff
                                                                            • Instruction ID: 5dd3270b99716e1a253db0ac16560a6f057e49731eb5e4f1f53d8ade9527cf13
                                                                            • Opcode Fuzzy Hash: ab962b11e86066dfa9e4040349aca32ba6762c4f20f72f7a4d57c37c540d32ff
                                                                            • Instruction Fuzzy Hash: 31F01575921B80CECBA0EFA9D94170876E4F744310F2045AEA0088B2A5DF349D84DF02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BAD380, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                            • Instruction ID: 85b6d5f407ebcacedc87d0613262c62864266ac197912dd46b59ff73c36e21c1
                                                                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                            • Instruction Fuzzy Hash: AFE0C231288208BBDF226E44CC01FB97BA6DB507A0F204071FE095BBA1CA719C91E6C8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B2A185, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 090a99a3ed7141ade737aa4c22fe49f9d311293ad649a626c2a83f10a727150d
                                                                            • Instruction ID: 7ef908d6e121b1246164621abc0edb0102853d5fd64f5d8b7db543b611d2a95b
                                                                            • Opcode Fuzzy Hash: 090a99a3ed7141ade737aa4c22fe49f9d311293ad649a626c2a83f10a727150d
                                                                            • Instruction Fuzzy Hash: 32D02B2216008057CB1D6301AC54B2123D3E798761F3008DDF10B0B5E1DF60CCE0C10A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B216E0, Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 667aa2b011747ec4a0dbc0671a2b28e99cad711ad89d7ecf216c8d0222a9a5e8
                                                                            • Instruction ID: a249faae3813dc2daeca6ba27eaaa11ea9142abec469dd72a576f76ec7786552
                                                                            • Opcode Fuzzy Hash: 667aa2b011747ec4a0dbc0671a2b28e99cad711ad89d7ecf216c8d0222a9a5e8
                                                                            • Instruction Fuzzy Hash: AFD0A77110014052DA2E5B19A805B1932D2DBE0785F3804ECF10F594D1CFB4CC92E048
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B753CA, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                            • Instruction ID: 5dd8a2ddf468f4a523df7b4662387744493bb66ebf59619c2671699c4dbff71c
                                                                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                            • Instruction Fuzzy Hash: CEE0EC71944A849FCF22EB59CA90F5EB7F5FB44B40F154494B4196B6B1C664ED40CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF9515, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                                                                            • Instruction ID: be1b99715267eb751a177568f3543d448870eae002a03c9c6259f1b56d492a7a
                                                                            • Opcode Fuzzy Hash: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                                                                            • Instruction Fuzzy Hash: BDD0123220607497CB2A5795B914FB76A6A9F81B50F1A00AD79099394185148D42D6E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF8410, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d63a7a9366a558d83ff9e5c605fe744b4251ca125b4ca25b65a2ce2486193bf
                                                                            • Instruction ID: 6179157a0de2958155e901987a08dd3c0f71ffa74856f2e44e6a59a63e8ab0a1
                                                                            • Opcode Fuzzy Hash: 9d63a7a9366a558d83ff9e5c605fe744b4251ca125b4ca25b65a2ce2486193bf
                                                                            • Instruction Fuzzy Hash: 26D05E32040148ABC701EB08DE81F053BADEB44710F000064B40C872A3CE34ECA1C684
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B235A1, Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                            • Instruction ID: 3b764aec40d03ee8d0424a5eea29c55e22afd1232a93511938145fcd763cf16f
                                                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                            • Instruction Fuzzy Hash: 93D0A9314011909ADB01AB10E25876837F3FB20B08F6820E5904E0689EC33E8F0AD600
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B7A537, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                            • Instruction ID: 9e2ec2e218f0ddeb7a8a6d5fb55578712293ab7bf32dbf63c1bf8dabafc3b695
                                                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                            • Instruction Fuzzy Hash: E1C01233180248BBCB126E81CC01F467F6AFB94B60F008010BA080A5618A32E9B0EA84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B076E2, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                            • Instruction ID: 915fa5be745719be8f5d8c122e1171dc0d2787a6e74e6be5277e75361c8d8c17
                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                            • Instruction Fuzzy Hash: C1C080706C55805ADB165704CD11B2079D0EB04704F4401DC7502094E1C759BC02C144
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B236CC, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                            • Instruction ID: 1330ab5cd3a2c210a4c0f07b96cc372496d9e4a7f0c635058d94c4032e0324f9
                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                            • Instruction Fuzzy Hash: A8C02BB0154440BBD7162F30CD01F1472D8F700F21FA403D47220454F1D63C9C00D100
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B24190, Relevance: .0, Instructions: 9COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                                            • Instruction ID: 96f39aff74b2d068a4434627f74cf9e8f7365ba2164b05cc5099b3082bb231e0
                                                                            • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                                            • Instruction Fuzzy Hash: 11C04879751A408FCF15CB2AD285F6A77F4FB44B44F1508E0E805CBB22EE28EC50CA50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00BC87CF, Relevance: .0, Instructions: 6COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7342938eed41a2186320ed702457316c2ea2c435f83f70e6a7ab4e9bc3603639
                                                                            • Instruction ID: 94944d6b3f15cdabf42d800a8037d15e1eed7a175a2e4d07be179065fd2d37ef
                                                                            • Opcode Fuzzy Hash: 7342938eed41a2186320ed702457316c2ea2c435f83f70e6a7ab4e9bc3603639
                                                                            • Instruction Fuzzy Hash: D6B01231212540DFD7026B20CB01B9977E9BF017C0F0900F0750085471D619C820D501
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3B040, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 547f825c12db4526eccf79c9df74c92d03851aca1b2c22409812966a2ae62377
                                                                            • Instruction ID: 22a9b57aeb932bcbe95e5e8b9bf0b7b5dcc4f731914211b744d5b4a7df53b48b
                                                                            • Opcode Fuzzy Hash: 547f825c12db4526eccf79c9df74c92d03851aca1b2c22409812966a2ae62377
                                                                            • Instruction Fuzzy Hash: 249002A2701140534640B15948444065055E7E1341391C175A04445A0D86A88965F2A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3A3B0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9110aaaa12a681ec3a565f06e5e88d10224286b4c4312b173b461ce24e7987b6
                                                                            • Instruction ID: f241851603fd2e348c5769ab06599ffdd4a450ba2a96dd4c57489844b576e5ce
                                                                            • Opcode Fuzzy Hash: 9110aaaa12a681ec3a565f06e5e88d10224286b4c4312b173b461ce24e7987b6
                                                                            • Instruction Fuzzy Hash: 4890027230144012D2407159848460B5045E7E0341F51C465E0415594D86558966F261
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B395F0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0dbed45be6d3325b216e9442eca390d17fc5bf0e6aabc3f57d58211b2fa8ecad
                                                                            • Instruction ID: 3621a63423d4bd8f5e707f8cc695f04b766c77d8ad431335b7debc4447c133cc
                                                                            • Opcode Fuzzy Hash: 0dbed45be6d3325b216e9442eca390d17fc5bf0e6aabc3f57d58211b2fa8ecad
                                                                            • Instruction Fuzzy Hash: C390027230100812D204615948446860045D7D0341F51C065A6014695F96A589A1B171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B395D0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: efc2789ffd6c2d9ca5ae6b2a1d3004e6ea546d4b325c94b4ae3d9853ea2d645a
                                                                            • Instruction ID: 7250ad4befdfbcccaa2a278367b2d8a19ed1684f66cc13d51267d3ebdda93baa
                                                                            • Opcode Fuzzy Hash: efc2789ffd6c2d9ca5ae6b2a1d3004e6ea546d4b325c94b4ae3d9853ea2d645a
                                                                            • Instruction Fuzzy Hash: E79002A230200013420571594454616404AD7E0341B51C075E10045D0EC56589A1B165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39520, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f28c45dfd63051028531fb0ec975c428c326b0871a20e8f703b015a409d7bfc
                                                                            • Instruction ID: d273e1a71db533a2b3c35d034a16930d5f40b7aa8977394f240a0514afc1f886
                                                                            • Opcode Fuzzy Hash: 6f28c45dfd63051028531fb0ec975c428c326b0871a20e8f703b015a409d7bfc
                                                                            • Instruction Fuzzy Hash: AA9002E2301140A24600A2598444B0A4545D7E0341B51C06AE10445A0DC5658961F175
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39560, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40a8ececd879c2b590bfb8bf6785a2c678b07309c63045ee38df715f95f686f1
                                                                            • Instruction ID: c5c73087061d08c46923c08960e25c20c14f4c7a218baee0b640d61099a1fe0a
                                                                            • Opcode Fuzzy Hash: 40a8ececd879c2b590bfb8bf6785a2c678b07309c63045ee38df715f95f686f1
                                                                            • Instruction Fuzzy Hash: E9900266321000120245A559064450B0485E7D6391391C069F14065D0DC6618975B361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39540, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c884c9a001638b4d32447a33b3dfe17c6a035241faa06e82944728bf7083e6cc
                                                                            • Instruction ID: 315a7d089a20194aa0eddba0ce5ece223161e7d66bde03f7969670fc5fabb172
                                                                            • Opcode Fuzzy Hash: c884c9a001638b4d32447a33b3dfe17c6a035241faa06e82944728bf7083e6cc
                                                                            • Instruction Fuzzy Hash: A1900266311000130205A55907445070086D7D5391351C075F1005590DD6618971B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B396D0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8d27d7d22d92ee91d3fbd6852c68f9a61493f8bf0596a83b0ee79fb56b9695ff
                                                                            • Instruction ID: c17d0c074dcd8e2122aeb1ca397d4ec0565a4a8be5628280def846064e44971d
                                                                            • Opcode Fuzzy Hash: 8d27d7d22d92ee91d3fbd6852c68f9a61493f8bf0596a83b0ee79fb56b9695ff
                                                                            • Instruction Fuzzy Hash: 2290027230100852D20061594444B460045D7E0341F51C06AA0114694E8655C961B561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39610, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: efc11bb849b8a60c23dbad851914584daa7ed9a83169ab5182b50d860b7aa42a
                                                                            • Instruction ID: 3658ae792080e3965af63bfff70f9cb1e592d716672d4c4fa63798ac0e94511b
                                                                            • Opcode Fuzzy Hash: efc11bb849b8a60c23dbad851914584daa7ed9a83169ab5182b50d860b7aa42a
                                                                            • Instruction Fuzzy Hash: B790027270500812D250715944547460045D7D0341F51C065A0014694E87958B65B6E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39650, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 58e5db7f8b0a2e00f9769fcd7f37cc3d0064a5349f0151330bd9ebb7c698a304
                                                                            • Instruction ID: 014d3cda0320ef4eb361eb0c9e3e94ca53964fe4a2590d050eb3ddcebe653c7e
                                                                            • Opcode Fuzzy Hash: 58e5db7f8b0a2e00f9769fcd7f37cc3d0064a5349f0151330bd9ebb7c698a304
                                                                            • Instruction Fuzzy Hash: 9A90027230504852D24071594444A460055D7D0345F51C065A00546D4E96658E65F6A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B397A0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 94dbe62982ddd5264c11bd74b67f18470c87a473e3e1b3a7ba2c3ab5a123f116
                                                                            • Instruction ID: 5cc38451fdabfffd6a802bd578633bae8f294cf2297c973d2a2d89faa3546e24
                                                                            • Opcode Fuzzy Hash: 94dbe62982ddd5264c11bd74b67f18470c87a473e3e1b3a7ba2c3ab5a123f116
                                                                            • Instruction Fuzzy Hash: 4390026230100013D240715954586064045E7E1341F51D065E0404594DD9558966B262
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39780, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7e64cc7aaa03413a4e3fa25715eb756596774cede6a43ce4b9c40a8728aeee34
                                                                            • Instruction ID: d14fd4b8a9fa7fb983eb5b1e5108e08bcd4aa5755a4a6ef5b56b0d30a4907902
                                                                            • Opcode Fuzzy Hash: 7e64cc7aaa03413a4e3fa25715eb756596774cede6a43ce4b9c40a8728aeee34
                                                                            • Instruction Fuzzy Hash: B990026A31300012D2807159544860A0045D7D1342F91D469A0005598DC9558979B361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39730, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: becc283e808a33ed68bb8847bf2959e0e90658ef656a1506bcd35378a2c38183
                                                                            • Instruction ID: 5846dcced18466b7ae3dfd574539f0822e91295ff1ac94679a2f00d781a80029
                                                                            • Opcode Fuzzy Hash: becc283e808a33ed68bb8847bf2959e0e90658ef656a1506bcd35378a2c38183
                                                                            • Instruction Fuzzy Hash: 0C90026270500412D240715954587060055D7D0341F51D065A0014594EC6998B65B6E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39710, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d2508e7f67595897a890d9be72211d17689a2f4bf8e949f8c4ba9f7aed9896c3
                                                                            • Instruction ID: 33b5bb375b3e7e37a29b290fdf98ee07696e98aa8f957d02707f620b96e5545e
                                                                            • Opcode Fuzzy Hash: d2508e7f67595897a890d9be72211d17689a2f4bf8e949f8c4ba9f7aed9896c3
                                                                            • Instruction Fuzzy Hash: 0D90027230100412D200659954486460045D7E0341F51D065A5014595FC6A589A1B171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3A710, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: edc00c8207844fc2e83053255a1ad207d07e55cef4dafc4381c8e5e9f694462b
                                                                            • Instruction ID: bc70609c93f47d22d306fe8e7d4ee796a1e80445267d05abcac679478838c1f7
                                                                            • Opcode Fuzzy Hash: edc00c8207844fc2e83053255a1ad207d07e55cef4dafc4381c8e5e9f694462b
                                                                            • Instruction Fuzzy Hash: 39900272301000629600A6995844A4A4145D7F0341B51D069A4004594D85948971B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3A770, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cbcf3c86719339b449a0c838f8d13827b2283744d325426ce937b30a4fc5a077
                                                                            • Instruction ID: c842b6392381d5386d5a64acd679fb97a647575dab9c6557233e05e84c32a7cc
                                                                            • Opcode Fuzzy Hash: cbcf3c86719339b449a0c838f8d13827b2283744d325426ce937b30a4fc5a077
                                                                            • Instruction Fuzzy Hash: 9F90027630504452D60065595844A870045D7D0345F51D465A04145DCE86948971F161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39770, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2c169c5005e1898de6682901149c1ea091e5868269d5cf50f4cc915a6bfc86f
                                                                            • Instruction ID: 9009ebef42259f2f4bf928d16e51f06e0c12ac82c7cde1e23bc990c88c71fa37
                                                                            • Opcode Fuzzy Hash: f2c169c5005e1898de6682901149c1ea091e5868269d5cf50f4cc915a6bfc86f
                                                                            • Instruction Fuzzy Hash: 2690026230504452D20065595448A060045D7D0345F51D065A10545D5EC6758961F171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39760, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a89dfae9a4e7f2dedcc263f3c6624eb2e99573dfa7ea4fa2be26d75a29fe67d8
                                                                            • Instruction ID: 084aae60850c734951ae1830618f9cd0ca3f87aa0075983267fad5c4642bf9f3
                                                                            • Opcode Fuzzy Hash: a89dfae9a4e7f2dedcc263f3c6624eb2e99573dfa7ea4fa2be26d75a29fe67d8
                                                                            • Instruction Fuzzy Hash: B390027230100413D200615955487070045D7D0341F51D465A0414598ED6968961B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B398A0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 52716bf87fc5686f3ea7310405566dc0f05deb2c2b90661894ebdabc0e4fe83d
                                                                            • Instruction ID: 6b993392e363776512a712e9fe41252f4c3df9e13e243ed23b1fadc9f1e18d9a
                                                                            • Opcode Fuzzy Hash: 52716bf87fc5686f3ea7310405566dc0f05deb2c2b90661894ebdabc0e4fe83d
                                                                            • Instruction Fuzzy Hash: 3A90026230100412D202615944546060049D7D1385F91C066E1414595E86658A63F172
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B398F0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 265069334400e4d4d533234f8227cd7b003f9e342d7ba705be9eb97b7e8a2367
                                                                            • Instruction ID: 13e223360df77508ec09923e7e7d7252cf3e188f08d19095ce8b0c7beaa669db
                                                                            • Opcode Fuzzy Hash: 265069334400e4d4d533234f8227cd7b003f9e342d7ba705be9eb97b7e8a2367
                                                                            • Instruction Fuzzy Hash: 3490026270100512D20171594444616004AD7D0381F91C076A1014595FCA658AA2F171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39820, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 16c5a4ed339c96d9f7f1948fc2f238bc96933d353c16164acbfe09f2d718bf6d
                                                                            • Instruction ID: fced074679d47e644f4a5d9d38bd5bab081cda0f0cd3ff84afc0d4bd1ebf6133
                                                                            • Opcode Fuzzy Hash: 16c5a4ed339c96d9f7f1948fc2f238bc96933d353c16164acbfe09f2d718bf6d
                                                                            • Instruction Fuzzy Hash: 0790027234100412D241715944446060049E7D0381F91C066A0414594F86958B66FAA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39840, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 36b7217906f332efbb6e1d04c357f3c3cd7e45fd4b931a13377c04a12c00f68c
                                                                            • Instruction ID: ee9ffdf5c242ea678a079f0b07b8b22bf6d7ccd8be7c63869ae9870212cf120b
                                                                            • Opcode Fuzzy Hash: 36b7217906f332efbb6e1d04c357f3c3cd7e45fd4b931a13377c04a12c00f68c
                                                                            • Instruction Fuzzy Hash: F8900262342041625645B15944445074046E7E0381791C066A1404990D85669966F661
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B399A0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5dd03c383013d9959798be4ff5c08075b54b28d04211955f6abb867806a1d15a
                                                                            • Instruction ID: 61708d7f7085f96bc3d1433fa439b251dad812d16baa400015cf3419d708a18f
                                                                            • Opcode Fuzzy Hash: 5dd03c383013d9959798be4ff5c08075b54b28d04211955f6abb867806a1d15a
                                                                            • Instruction Fuzzy Hash: FD9002A234100452D20061594454B060045D7E1341F51C069E1054594E8659CD62B166
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B399D0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4eeff0f88b3b2879de4b40b52c408285f439ec0fe523c9d87a5343b4dfbb2615
                                                                            • Instruction ID: b7e5c719a48cf558853ded94f156fe3a6467612d357090a2a58d4a73938dd676
                                                                            • Opcode Fuzzy Hash: 4eeff0f88b3b2879de4b40b52c408285f439ec0fe523c9d87a5343b4dfbb2615
                                                                            • Instruction Fuzzy Hash: BB9002A231100052D204615944447060085D7E1341F51C066A2144594DC5698D71B165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39910, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd5a9aeb08816b395fc5d355c3ccff45acd1852b202707cff868256050f96db4
                                                                            • Instruction ID: 8dffdbe2bd097471b622389b5829b8dc22994797b076bdf1c17c94ca95f86d44
                                                                            • Opcode Fuzzy Hash: cd5a9aeb08816b395fc5d355c3ccff45acd1852b202707cff868256050f96db4
                                                                            • Instruction Fuzzy Hash: 339002B230100412D240715944447460045D7D0341F51C065A5054594F86998EE5B6A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39950, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1aefcfc109c75b7e59292c9b86303cc645fddda4e7acc73458c19699a844bbb9
                                                                            • Instruction ID: 7ea3d676e276388dc05211c76a81b74d0be650dfbf926e2befdcfe280514892a
                                                                            • Opcode Fuzzy Hash: 1aefcfc109c75b7e59292c9b86303cc645fddda4e7acc73458c19699a844bbb9
                                                                            • Instruction Fuzzy Hash: E19002A230140413D240655948446070045D7D0342F51C065A2054595F8A698D61B175
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39A80, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f04548de93d9fc91016f912d9702c52274562ab1b3d8720aa3f59f7cf9e0570f
                                                                            • Instruction ID: 701353b2f7bc74ab62e6117807323d9230ebb2f27d5228910175ee863ccbf81a
                                                                            • Opcode Fuzzy Hash: f04548de93d9fc91016f912d9702c52274562ab1b3d8720aa3f59f7cf9e0570f
                                                                            • Instruction Fuzzy Hash: 4290026230144452D24062594844B0F4145D7E1342F91C06DA4146594DC9558965B761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39A20, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7c1787b69add0cf08af681f9fe186d9927f93e4a4f9592ed7c473f157e37ad3a
                                                                            • Instruction ID: 484e0238a327ef8179a7eb18160e143bdf12d66d8d3524079b2e0312c4d1e57a
                                                                            • Opcode Fuzzy Hash: 7c1787b69add0cf08af681f9fe186d9927f93e4a4f9592ed7c473f157e37ad3a
                                                                            • Instruction Fuzzy Hash: 9E900262701000524240716988849064045FBE1351751C175A0988590E85998975B6A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39A10, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 410819086b525885f75c5960b1101c54f95c61e9f5bf1b8abd969db79231c133
                                                                            • Instruction ID: b2739eeb8f189410fa68f74fa0b813a72eec3f03280f680318a8499e3b2ab8c4
                                                                            • Opcode Fuzzy Hash: 410819086b525885f75c5960b1101c54f95c61e9f5bf1b8abd969db79231c133
                                                                            • Instruction Fuzzy Hash: 1990027230140412D200615948487470045D7D0342F51C065A5154595F86A5C9A1B571
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39A00, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6960345f73e3d82a51efacec4fdbf2d32e4277bf2b453a47740cfb84a5e5e696
                                                                            • Instruction ID: 432bbcf294611fe7c06569689f106b685939c5dc38d046d1cf32418bd59e1c35
                                                                            • Opcode Fuzzy Hash: 6960345f73e3d82a51efacec4fdbf2d32e4277bf2b453a47740cfb84a5e5e696
                                                                            • Instruction Fuzzy Hash: DF90027230140412D2006159485470B0045D7D0342F51C065A1154595E86658961B5B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39A50, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f333fa93850aaa40c79e1887b4b8ca447f51a13137f7be49c1f4c7e616a776a7
                                                                            • Instruction ID: 3f7d5fd0a66fa772dd263e3c589ace5e6c9cc38087d060c699a4a54710b1e3a3
                                                                            • Opcode Fuzzy Hash: f333fa93850aaa40c79e1887b4b8ca447f51a13137f7be49c1f4c7e616a776a7
                                                                            • Instruction Fuzzy Hash: B290026231180052D30065694C54B070045D7D0343F51C169A0144594DC9558971B561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39B00, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8be711f5eca01df24fd7169986369f539539027e66fc41a8f3e739353ae7c9b6
                                                                            • Instruction ID: 8d6a219d727ea21ee4454abf6a33f7123327d344def2f3e704e3984711888ade
                                                                            • Opcode Fuzzy Hash: 8be711f5eca01df24fd7169986369f539539027e66fc41a8f3e739353ae7c9b6
                                                                            • Instruction Fuzzy Hash: 3790026234100812D240715984547070046D7D0741F51C065A0014594E86568A75B6F1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B3AD30, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 31f65386a792225efaa6cfcd2ee12019b8273976b8c4081d60f3548fc6015b04
                                                                            • Instruction ID: 772f8860cc7fc698f3c81e974ad51df4339178e637a6ff58c5076a4e7e65c163
                                                                            • Opcode Fuzzy Hash: 31f65386a792225efaa6cfcd2ee12019b8273976b8c4081d60f3548fc6015b04
                                                                            • Instruction Fuzzy Hash: F3900272B05000229240715948546464046E7E0781B55C065A0504594D89948B65B3E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39FE0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0b020629a7143c3e689c19321377e90fbe3b1f4f8586ee958e45e9eb0de73b36
                                                                            • Instruction ID: 528b491267a16359fe4103515072174284ca13c8dc46befc81367a40891e4583
                                                                            • Opcode Fuzzy Hash: 0b020629a7143c3e689c19321377e90fbe3b1f4f8586ee958e45e9eb0de73b36
                                                                            • Instruction Fuzzy Hash: 9590027231114412D210615984447060045D7D1341F51C465A0814598E86D589A1B162
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B39670, Relevance: .0, Instructions: 2COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction ID: 2f22123bb61061f9304a4e423fb2904fcc2e97270566438d94aabd13cc36f87f
                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction Fuzzy Hash:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF7CC0, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 198COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 0c571444895041e31ca590a79c43f216bc97d57722fc5ca4d4150f5405b77cb5
                                                                            • Instruction ID: 04c68f696b4b79cfadecfb31c0313cb1bcade75df5f5d45cfcd372b9f08436bd
                                                                            • Opcode Fuzzy Hash: 0c571444895041e31ca590a79c43f216bc97d57722fc5ca4d4150f5405b77cb5
                                                                            • Instruction Fuzzy Hash: 1B61D3B1A0411AABCB10DF98C88197EF7F8FF09301B5082AAF955D7641E774DE549BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF40FD, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00B504BF
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 00B505F1
                                                                            • Execute=1, xrefs: 00B5057D
                                                                            • ExecuteOptions, xrefs: 00B5050A
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00B5058F
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00B50566
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00B505AC
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            • Opcode ID: 3c75ce8c7ed5d6ec55703e5e303fdcfd20d781065d67922a6a37d96afe7958d4
                                                                            • Instruction ID: 175c5b383129915c9353122a233442714e8e388cf7f36fa8ce48159bbdc8e055
                                                                            • Opcode Fuzzy Hash: 3c75ce8c7ed5d6ec55703e5e303fdcfd20d781065d67922a6a37d96afe7958d4
                                                                            • Instruction Fuzzy Hash: 8461FA3160061DBADF20AB94DC86FBA73B9EF18311F1402D5F60597291DB709E85CF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF77A0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B52953
                                                                            Strings
                                                                            • RTL: Re-Waiting, xrefs: 00B52988
                                                                            • RTL: Resource at %p, xrefs: 00B5296B
                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00B5295B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 885266447-605551621
                                                                            • Opcode ID: 57e48e8b0f9944a0cb384b60efe5b99c1af6f163ea5b91e9f4511d57633bfc80
                                                                            • Instruction ID: 52ce10310a3bfa55d45d6468cfa223c6c703c2b1b8c5172387a3ecb3503424e6
                                                                            • Opcode Fuzzy Hash: 57e48e8b0f9944a0cb384b60efe5b99c1af6f163ea5b91e9f4511d57633bfc80
                                                                            • Instruction Fuzzy Hash: 67313835A01635BBCB215B55CC81F6A77E4EF12B61F2002D4FD4567281CB11BC15D7E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B31CC7, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 193COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$@
                                                                            • API String ID: 0-1194432280
                                                                            • Opcode ID: ae35c7a9b16bbc70044d32e2d123c29f204fba92b4380a353a8ffc565b7f4829
                                                                            • Instruction ID: 134f83f0f27f28b3d6b52e4334a6cfbc8f3f2a3525e2665120a3333f9164e9a5
                                                                            • Opcode Fuzzy Hash: ae35c7a9b16bbc70044d32e2d123c29f204fba92b4380a353a8ffc565b7f4829
                                                                            • Instruction Fuzzy Hash: A2811771D002699BDB21DF54CC45BEEB6B8AF09710F1085EAEA0DB7280D7749E85DFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B8FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B8FDFA
                                                                            Strings
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B8FE01
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B8FE2B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.213524549.0000000000AD0000.00000040.00000001.sdmp, Offset: 00AD0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                            • API String ID: 885266447-3903918235
                                                                            • Opcode ID: a8f7aaefaafd70d193ff132db89748b218499834648eb10738fb4ebc286b0898
                                                                            • Instruction ID: 6ccbbfbfb57b6e2438b72a39b81a4f60de187ac0148b75f2b70af4c483682afc
                                                                            • Opcode Fuzzy Hash: a8f7aaefaafd70d193ff132db89748b218499834648eb10738fb4ebc286b0898
                                                                            • Instruction Fuzzy Hash: 60F0C236200642BBD6202A46DC02F23BB9AEB84731F244255F628561E1DA62BC60D7A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%