Analysis Report SecuriteInfo.com.Trojan.GenericKDZ.73120.139.15119

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.15119 (renamed file extension from 15119 to exe)
Analysis ID: 356587
MD5: fac509b5175d3647945bdbf7ac010acc
SHA1: 048a87d3a938217f555da58662da7bfe59971a9e
SHA256: 44283ee3be33ad2077f6c8c18b1699f3d694cb936336523b299646f1a39ea8fc

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM_3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.rizrvd.com/bw82/"], "decoy": ["fundamentaliemef.com", "gallerybrows.com", "leadeligey.com", "octoberx2.online", "climaxnovels.com", "gdsjgf.com", "curateherstories.com", "blacksailus.com", "yjpps.com", "gmobilet.com", "fcoins.club", "foreverlive2027.com", "healthyfifties.com", "wmarquezy.com", "housebulb.com", "thebabyfriendly.com", "primajayaintiperkasa.com", "learnplaychess.com", "chrisbubser.digital", "xn--avenr-wsa.com", "exlineinsurance.com", "thrivezi.com", "tuvandadayvitos24h.online", "illfingers.com", "usmedicarenow.com", "pandabutik.com", "engageautism.info", "magnabeautystyle.com", "texasdryroof.com", "woodlandpizzahartford.com", "dameadamea.com", "sedaskincare.com", "ruaysatu99.com", "mybestaide.com", "nikolaichan.com", "mrcabinetkitchenandbath.com", "ondemandbarbering.com", "activagebenefits.net", "srcsvcs.com", "cbrealvitalize.com", "ismaelworks.com", "medkomp.online", "ninasangtani.com", "h2oturkiye.com", "kolamart.com", "acdfr.com", "twistedtailgatesweeps1.com", "ramjamdee.com", "thedancehalo.com", "joeisono.com", "glasshouseroadtrip.com", "okcpp.com", "riggsfarmfenceservices.com", "mgg360.com", "xn--oi2b190cymc.com", "ctfocbdwholesale.com", "openspiers.com", "rumblingrambles.com", "thepoetrictedstudio.com", "magiclabs.media", "wellnesssensation.com", "lakegastonautoparts.com", "dealsonwheeeles.com", "semenboostplus.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author | Strings
2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

AV Detection:

Found malware configuration
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, Malware Configuration Extractor: FormBook
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Virustotal: Detection: 36%
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, ReversingLabs: Detection: 29%
Yara detected FormBook
Source: Yara match, File source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Joe Sandbox ML: detected
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

Compliance:

Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then jmp 05840BBEh, 0_2_05840040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_058422A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then jmp 05840BBEh, 0_2_05840CC7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then jmp 05840BBEh, 0_2_05840119
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then jmp 05840BBEh, 0_2_05840007
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then jmp 05840BBEh, 0_2_05840B81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_05842290

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.rizrvd.com/bw82/
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

E-Banking Fraud:

Yara detected FormBook
Source: Yara match, File source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
.NET source code contains very large strings
Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, FrmStart.cs, Long String: Length: 13656
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_004181B0 NtCreateFile, 2_2_004181B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_00418260 NtReadFile, 2_2_00418260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_004182E0 NtClose, 2_2_004182E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_00418390 NtAllocateVirtualMemory, 2_2_00418390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_004181AA NtCreateFile, 2_2_004181AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_0041825C NtReadFile, 2_2_0041825C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_004182DA NtClose, 2_2_004182DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9860 NtQuerySystemInformation, LdrInitializeThunk, 2_2_013D9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9660 NtAllocateVirtualMemory, LdrInitializeThunk, 2_2_013D9660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D96E0 NtFreeVirtualMemory, LdrInitializeThunk, 2_2_013D96E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9910 NtAdjustPrivilegesToken, 2_2_013D9910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9950 NtQueueApcThread, 2_2_013D9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D99A0 NtCreateSection, 2_2_013D99A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D99D0 NtCreateProcessEx, 2_2_013D99D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9820 NtEnumerateKey, 2_2_013D9820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013DB040 NtSuspendThread, 2_2_013DB040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9840 NtDelayExecution, 2_2_013D9840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D98A0 NtWriteVirtualMemory, 2_2_013D98A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D98F0 NtReadVirtualMemory, 2_2_013D98F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9B00 NtSetValueKey, 2_2_013D9B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013DA3B0 NtGetContextThread, 2_2_013DA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9A20 NtResumeThread, 2_2_013D9A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9A10 NtQuerySection, 2_2_013D9A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9A00 NtProtectVirtualMemory, 2_2_013D9A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9A50 NtCreateFile, 2_2_013D9A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9A80 NtOpenDirectoryObject, 2_2_013D9A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013DAD30 NtSetContextThread, 2_2_013DAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9520 NtWaitForSingleObject, 2_2_013D9520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9560 NtWriteFile, 2_2_013D9560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9540 NtReadFile, 2_2_013D9540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D95F0 NtQueryInformationFile, 2_2_013D95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D95D0 NtClose, 2_2_013D95D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9730 NtQueryVirtualMemory, 2_2_013D9730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9710 NtQueryInformationToken, 2_2_013D9710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013DA710 NtOpenProcessToken, 2_2_013DA710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013DA770 NtOpenThread, 2_2_013DA770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9770 NtSetInformationFile, 2_2_013D9770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9760 NtOpenProcess, 2_2_013D9760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D97A0 NtUnmapViewOfSection, 2_2_013D97A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9780 NtMapViewOfSection, 2_2_013D9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9FE0 NtCreateMutant, 2_2_013D9FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9610 NtEnumerateValueKey, 2_2_013D9610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9670 NtQueryInformationProcess, 2_2_013D9670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D9650 NtQueryValueKey, 2_2_013D9650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, Code function: 2_2_013D96D0 NtCreateKey, 2_2_013D96D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: String function: 01425720 appears 51 times
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAsyncState.dllF vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.226319020.00000000057E0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLegacyPathHandling.dllN vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000000.217210974.000000000032E000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224992684.000000000161F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224222430.000000000086E000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeBinary or memory string: OriginalFilenameCLRSurrogateEntry.exe8 vs SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, FrmStart.cs Base64 encoded string
          Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.log
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeVirustotal: Detection: 36%
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeReversingLabs: Detection: 29%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0040C8B1 push ss; iretd 2_2_0040C8B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0041B3F2 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0041B3FB push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0041B3A5 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0041B45C push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_00415CB8 push esi; ret 2_2_00415CB9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0041A5F2 push cs; retf 2_2_0041A5F3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013ED0D1 push ecx; ret 2_2_013ED0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 6.80894356258
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM_3
          Source: Yara matchFile source: 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe PID: 6528, type: MEMORY
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.274294c.1.raw.unpack, type: UNPACKEDPE
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_004088A0 rdtsc 2_2_004088A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe TID: 6532 Thread sleep time: -101885s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe TID: 6564 Thread sleep time: -922337203685477s >= -30000s
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_013D9860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01393138 mov ecx, dword ptr fs:[00000030h]2_2_01393138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01396800 mov eax, dword ptr fs:[00000030h]2_2_01396800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01464015 mov eax, dword ptr fs:[00000030h]2_2_01464015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01464015 mov eax, dword ptr fs:[00000030h]2_2_01464015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BF86D mov eax, dword ptr fs:[00000030h]2_2_013BF86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01417016 mov eax, dword ptr fs:[00000030h]2_2_01417016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01417016 mov eax, dword ptr fs:[00000030h]2_2_01417016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01417016 mov eax, dword ptr fs:[00000030h]2_2_01417016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395050 mov eax, dword ptr fs:[00000030h]2_2_01395050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395050 mov eax, dword ptr fs:[00000030h]2_2_01395050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395050 mov eax, dword ptr fs:[00000030h]2_2_01395050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B0050 mov eax, dword ptr fs:[00000030h]2_2_013B0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B0050 mov eax, dword ptr fs:[00000030h]2_2_013B0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01397057 mov eax, dword ptr fs:[00000030h]2_2_01397057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF0BF mov ecx, dword ptr fs:[00000030h]2_2_013CF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF0BF mov eax, dword ptr fs:[00000030h]2_2_013CF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF0BF mov eax, dword ptr fs:[00000030h]2_2_013CF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014518CA mov eax, dword ptr fs:[00000030h]2_2_014518CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D90AF mov eax, dword ptr fs:[00000030h]2_2_013D90AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov eax, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov eax, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov eax, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov ecx, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov eax, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28AE mov eax, dword ptr fs:[00000030h]2_2_013A28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C20A0 mov eax, dword ptr fs:[00000030h]2_2_013C20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01399080 mov eax, dword ptr fs:[00000030h]2_2_01399080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01393880 mov eax, dword ptr fs:[00000030h]2_2_01393880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01393880 mov eax, dword ptr fs:[00000030h]2_2_01393880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01413884 mov eax, dword ptr fs:[00000030h]2_2_01413884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01413884 mov eax, dword ptr fs:[00000030h]2_2_01413884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28FD mov eax, dword ptr fs:[00000030h]2_2_013A28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28FD mov eax, dword ptr fs:[00000030h]2_2_013A28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A28FD mov eax, dword ptr fs:[00000030h]2_2_013A28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013958EC mov eax, dword ptr fs:[00000030h]2_2_013958EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013940E1 mov eax, dword ptr fs:[00000030h]2_2_013940E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013940E1 mov eax, dword ptr fs:[00000030h]2_2_013940E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013940E1 mov eax, dword ptr fs:[00000030h]2_2_013940E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB8E4 mov eax, dword ptr fs:[00000030h]2_2_013BB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB8E4 mov eax, dword ptr fs:[00000030h]2_2_013BB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013970C0 mov eax, dword ptr fs:[00000030h]2_2_013970C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013970C0 mov eax, dword ptr fs:[00000030h]2_2_013970C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468B58 mov eax, dword ptr fs:[00000030h]2_2_01468B58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01426365 mov eax, dword ptr fs:[00000030h]2_2_01426365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01426365 mov eax, dword ptr fs:[00000030h]2_2_01426365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01426365 mov eax, dword ptr fs:[00000030h]2_2_01426365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA309 mov eax, dword ptr fs:[00000030h]2_2_013BA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B7A mov eax, dword ptr fs:[00000030h]2_2_013C3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B7A mov eax, dword ptr fs:[00000030h]2_2_013C3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AF370 mov eax, dword ptr fs:[00000030h]2_2_013AF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AF370 mov eax, dword ptr fs:[00000030h]2_2_013AF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AF370 mov eax, dword ptr fs:[00000030h]2_2_013AF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139DB60 mov ecx, dword ptr fs:[00000030h]2_2_0139DB60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145131B mov eax, dword ptr fs:[00000030h]2_2_0145131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139F358 mov eax, dword ptr fs:[00000030h]2_2_0139F358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B5A mov eax, dword ptr fs:[00000030h]2_2_013C3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B5A mov eax, dword ptr fs:[00000030h]2_2_013C3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B5A mov eax, dword ptr fs:[00000030h]2_2_013C3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3B5A mov eax, dword ptr fs:[00000030h]2_2_013C3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139DB40 mov eax, dword ptr fs:[00000030h]2_2_0139DB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014153CA mov eax, dword ptr fs:[00000030h]2_2_014153CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014153CA mov eax, dword ptr fs:[00000030h]2_2_014153CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4BAD mov eax, dword ptr fs:[00000030h]2_2_013C4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4BAD mov eax, dword ptr fs:[00000030h]2_2_013C4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4BAD mov eax, dword ptr fs:[00000030h]2_2_013C4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BEB9A mov eax, dword ptr fs:[00000030h]2_2_013BEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BEB9A mov eax, dword ptr fs:[00000030h]2_2_013BEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014423E3 mov ecx, dword ptr fs:[00000030h]2_2_014423E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014423E3 mov ecx, dword ptr fs:[00000030h]2_2_014423E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014423E3 mov eax, dword ptr fs:[00000030h]2_2_014423E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2397 mov eax, dword ptr fs:[00000030h]2_2_013C2397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CB390 mov eax, dword ptr fs:[00000030h]2_2_013CB390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394B94 mov edi, dword ptr fs:[00000030h]2_2_01394B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A1B8F mov eax, dword ptr fs:[00000030h]2_2_013A1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A1B8F mov eax, dword ptr fs:[00000030h]2_2_013A1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C138B mov eax, dword ptr fs:[00000030h]2_2_013C138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C138B mov eax, dword ptr fs:[00000030h]2_2_013C138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C138B mov eax, dword ptr fs:[00000030h]2_2_013C138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0144D380 mov ecx, dword ptr fs:[00000030h]2_2_0144D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0143EB8A mov ecx, dword ptr fs:[00000030h]2_2_0143EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0143EB8A mov eax, dword ptr fs:[00000030h]2_2_0143EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0143EB8A mov eax, dword ptr fs:[00000030h]2_2_0143EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0143EB8A mov eax, dword ptr fs:[00000030h]2_2_0143EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145138A mov eax, dword ptr fs:[00000030h]2_2_0145138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01391BE9 mov eax, dword ptr fs:[00000030h]2_2_01391BE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BDBE9 mov eax, dword ptr fs:[00000030h]2_2_013BDBE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C03E2 mov eax, dword ptr fs:[00000030h]2_2_013C03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01465BA5 mov eax, dword ptr fs:[00000030h]2_2_01465BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451BA8 mov eax, dword ptr fs:[00000030h]2_2_01451BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468BB6 mov eax, dword ptr fs:[00000030h]2_2_01468BB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01469BBE mov eax, dword ptr fs:[00000030h]2_2_01469BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C53C5 mov eax, dword ptr fs:[00000030h]2_2_013C53C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01398239 mov eax, dword ptr fs:[00000030h]2_2_01398239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01398239 mov eax, dword ptr fs:[00000030h]2_2_01398239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01398239 mov eax, dword ptr fs:[00000030h]2_2_01398239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB236 mov eax, dword ptr fs:[00000030h]2_2_013BB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145EA55 mov eax, dword ptr fs:[00000030h]2_2_0145EA55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D4A2C mov eax, dword ptr fs:[00000030h]2_2_013D4A2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D4A2C mov eax, dword ptr fs:[00000030h]2_2_013D4A2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BA229 mov eax, dword ptr fs:[00000030h]2_2_013BA229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01424257 mov eax, dword ptr fs:[00000030h]2_2_01424257
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394A20 mov eax, dword ptr fs:[00000030h]2_2_01394A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394A20 mov eax, dword ptr fs:[00000030h]2_2_01394A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451A5F mov eax, dword ptr fs:[00000030h]2_2_01451A5F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0144B260 mov eax, dword ptr fs:[00000030h]2_2_0144B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0144B260 mov eax, dword ptr fs:[00000030h]2_2_0144B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468A62 mov eax, dword ptr fs:[00000030h]2_2_01468A62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B3A1C mov eax, dword ptr fs:[00000030h]2_2_013B3A1C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395210 mov eax, dword ptr fs:[00000030h]2_2_01395210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395210 mov ecx, dword ptr fs:[00000030h]2_2_01395210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395210 mov eax, dword ptr fs:[00000030h]2_2_01395210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395210 mov eax, dword ptr fs:[00000030h]2_2_01395210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139AA16 mov eax, dword ptr fs:[00000030h]2_2_0139AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139AA16 mov eax, dword ptr fs:[00000030h]2_2_0139AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A8A0A mov eax, dword ptr fs:[00000030h]2_2_013A8A0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D927A mov eax, dword ptr fs:[00000030h]2_2_013D927A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145AA16 mov eax, dword ptr fs:[00000030h]2_2_0145AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145AA16 mov eax, dword ptr fs:[00000030h]2_2_0145AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D5A69 mov eax, dword ptr fs:[00000030h]2_2_013D5A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D5A69 mov eax, dword ptr fs:[00000030h]2_2_013D5A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D5A69 mov eax, dword ptr fs:[00000030h]2_2_013D5A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451229 mov eax, dword ptr fs:[00000030h]2_2_01451229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01399240 mov eax, dword ptr fs:[00000030h]2_2_01399240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01399240 mov eax, dword ptr fs:[00000030h]2_2_01399240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01399240 mov eax, dword ptr fs:[00000030h]2_2_01399240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01399240 mov eax, dword ptr fs:[00000030h]2_2_01399240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C12BD mov esi, dword ptr fs:[00000030h]2_2_013C12BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C12BD mov eax, dword ptr fs:[00000030h]2_2_013C12BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C12BD mov eax, dword ptr fs:[00000030h]2_2_013C12BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AAAB0 mov eax, dword ptr fs:[00000030h]2_2_013AAAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AAAB0 mov eax, dword ptr fs:[00000030h]2_2_013AAAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CFAB0 mov eax, dword ptr fs:[00000030h]2_2_013CFAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01391AA0 mov eax, dword ptr fs:[00000030h]2_2_01391AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468ADD mov eax, dword ptr fs:[00000030h]2_2_01468ADD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013952A5 mov eax, dword ptr fs:[00000030h]2_2_013952A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013952A5 mov eax, dword ptr fs:[00000030h]2_2_013952A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013952A5 mov eax, dword ptr fs:[00000030h]2_2_013952A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013952A5 mov eax, dword ptr fs:[00000030h]2_2_013952A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013952A5 mov eax, dword ptr fs:[00000030h]2_2_013952A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C5AA0 mov eax, dword ptr fs:[00000030h]2_2_013C5AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C5AA0 mov eax, dword ptr fs:[00000030h]2_2_013C5AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CD294 mov eax, dword ptr fs:[00000030h]2_2_013CD294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CD294 mov eax, dword ptr fs:[00000030h]2_2_013CD294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454AEF mov eax, dword ptr fs:[00000030h]2_2_01454AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CDA88 mov eax, dword ptr fs:[00000030h]2_2_013CDA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CDA88 mov eax, dword ptr fs:[00000030h]2_2_013CDA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2AE4 mov eax, dword ptr fs:[00000030h]2_2_013C2AE4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145129A mov eax, dword ptr fs:[00000030h]2_2_0145129A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013912D4 mov eax, dword ptr fs:[00000030h]2_2_013912D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01393ACA mov eax, dword ptr fs:[00000030h]2_2_01393ACA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2ACB mov eax, dword ptr fs:[00000030h]2_2_013C2ACB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395AC0 mov eax, dword ptr fs:[00000030h]2_2_01395AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395AC0 mov eax, dword ptr fs:[00000030h]2_2_01395AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01395AC0 mov eax, dword ptr fs:[00000030h]2_2_01395AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01413540 mov eax, dword ptr fs:[00000030h]2_2_01413540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01448D47 mov eax, dword ptr fs:[00000030h]2_2_01448D47
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01443D40 mov eax, dword ptr fs:[00000030h]2_2_01443D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4D3B mov eax, dword ptr fs:[00000030h]2_2_013C4D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4D3B mov eax, dword ptr fs:[00000030h]2_2_013C4D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4D3B mov eax, dword ptr fs:[00000030h]2_2_013C4D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139AD30 mov eax, dword ptr fs:[00000030h]2_2_0139AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A3D34 mov eax, dword ptr fs:[00000030h]2_2_013A3D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF527 mov eax, dword ptr fs:[00000030h]2_2_013CF527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF527 mov eax, dword ptr fs:[00000030h]2_2_013CF527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CF527 mov eax, dword ptr fs:[00000030h]2_2_013CF527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BC577 mov eax, dword ptr fs:[00000030h]2_2_013BC577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BC577 mov eax, dword ptr fs:[00000030h]2_2_013BC577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B8D76 mov eax, dword ptr fs:[00000030h]2_2_013B8D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B8D76 mov eax, dword ptr fs:[00000030h]2_2_013B8D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B8D76 mov eax, dword ptr fs:[00000030h]2_2_013B8D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B8D76 mov eax, dword ptr fs:[00000030h]2_2_013B8D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B8D76 mov eax, dword ptr fs:[00000030h]2_2_013B8D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01453518 mov eax, dword ptr fs:[00000030h]2_2_01453518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01453518 mov eax, dword ptr fs:[00000030h]2_2_01453518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01453518 mov eax, dword ptr fs:[00000030h]2_2_01453518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B7D50 mov eax, dword ptr fs:[00000030h]2_2_013B7D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D4D51 mov eax, dword ptr fs:[00000030h]2_2_013D4D51
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D4D51 mov eax, dword ptr fs:[00000030h]2_2_013D4D51
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468D34 mov eax, dword ptr fs:[00000030h]2_2_01468D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139354C mov eax, dword ptr fs:[00000030h]2_2_0139354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139354C mov eax, dword ptr fs:[00000030h]2_2_0139354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0141A537 mov eax, dword ptr fs:[00000030h]2_2_0141A537
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145E539 mov eax, dword ptr fs:[00000030h]2_2_0145E539
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D3D43 mov eax, dword ptr fs:[00000030h]2_2_013D3D43
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov eax, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov eax, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov eax, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov ecx, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov eax, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416DC9 mov eax, dword ptr fs:[00000030h]2_2_01416DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C1DB5 mov eax, dword ptr fs:[00000030h]2_2_013C1DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C1DB5 mov eax, dword ptr fs:[00000030h]2_2_013C1DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C1DB5 mov eax, dword ptr fs:[00000030h]2_2_013C1DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0144FDD3 mov eax, dword ptr fs:[00000030h]2_2_0144FDD3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C65A0 mov eax, dword ptr fs:[00000030h]2_2_013C65A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C65A0 mov eax, dword ptr fs:[00000030h]2_2_013C65A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C65A0 mov eax, dword ptr fs:[00000030h]2_2_013C65A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C35A1 mov eax, dword ptr fs:[00000030h]2_2_013C35A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CFD9B mov eax, dword ptr fs:[00000030h]2_2_013CFD9B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CFD9B mov eax, dword ptr fs:[00000030h]2_2_013CFD9B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145FDE2 mov eax, dword ptr fs:[00000030h]2_2_0145FDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145FDE2 mov eax, dword ptr fs:[00000030h]2_2_0145FDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145FDE2 mov eax, dword ptr fs:[00000030h]2_2_0145FDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145FDE2 mov eax, dword ptr fs:[00000030h]2_2_0145FDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01393591 mov eax, dword ptr fs:[00000030h]2_2_01393591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392D8A mov eax, dword ptr fs:[00000030h]2_2_01392D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392D8A mov eax, dword ptr fs:[00000030h]2_2_01392D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392D8A mov eax, dword ptr fs:[00000030h]2_2_01392D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392D8A mov eax, dword ptr fs:[00000030h]2_2_01392D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392D8A mov eax, dword ptr fs:[00000030h]2_2_01392D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01448DF1 mov eax, dword ptr fs:[00000030h]2_2_01448DF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2581 mov eax, dword ptr fs:[00000030h]2_2_013C2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2581 mov eax, dword ptr fs:[00000030h]2_2_013C2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2581 mov eax, dword ptr fs:[00000030h]2_2_013C2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C2581 mov eax, dword ptr fs:[00000030h]2_2_013C2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145B581 mov eax, dword ptr fs:[00000030h]2_2_0145B581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145B581 mov eax, dword ptr fs:[00000030h]2_2_0145B581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145B581 mov eax, dword ptr fs:[00000030h]2_2_0145B581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0145B581 mov eax, dword ptr fs:[00000030h]2_2_0145B581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01452D82 mov eax, dword ptr fs:[00000030h]2_2_01452D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013995F0 mov eax, dword ptr fs:[00000030h]2_2_013995F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013995F0 mov ecx, dword ptr fs:[00000030h]2_2_013995F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C95EC mov eax, dword ptr fs:[00000030h]2_2_013C95EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AD5E0 mov eax, dword ptr fs:[00000030h]2_2_013AD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AD5E0 mov eax, dword ptr fs:[00000030h]2_2_013AD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014605AC mov eax, dword ptr fs:[00000030h]2_2_014605AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014605AC mov eax, dword ptr fs:[00000030h]2_2_014605AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013915C1 mov eax, dword ptr fs:[00000030h]2_2_013915C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394439 mov eax, dword ptr fs:[00000030h]2_2_01394439
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3C3E mov eax, dword ptr fs:[00000030h]2_2_013C3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3C3E mov eax, dword ptr fs:[00000030h]2_2_013C3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3C3E mov eax, dword ptr fs:[00000030h]2_2_013C3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AB433 mov eax, dword ptr fs:[00000030h]2_2_013AB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AB433 mov eax, dword ptr fs:[00000030h]2_2_013AB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AB433 mov eax, dword ptr fs:[00000030h]2_2_013AB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CBC2C mov eax, dword ptr fs:[00000030h]2_2_013CBC2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468450 mov eax, dword ptr fs:[00000030h]2_2_01468450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468C75 mov eax, dword ptr fs:[00000030h]2_2_01468C75
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451C06 mov eax, dword ptr fs:[00000030h]2_2_01451C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CAC7B mov eax, dword ptr fs:[00000030h]2_2_013CAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0146740D mov eax, dword ptr fs:[00000030h]2_2_0146740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0146740D mov eax, dword ptr fs:[00000030h]2_2_0146740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0146740D mov eax, dword ptr fs:[00000030h]2_2_0146740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416C0A mov eax, dword ptr fs:[00000030h]2_2_01416C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416C0A mov eax, dword ptr fs:[00000030h]2_2_01416C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416C0A mov eax, dword ptr fs:[00000030h]2_2_01416C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416C0A mov eax, dword ptr fs:[00000030h]2_2_01416C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB477 mov eax, dword ptr fs:[00000030h]2_2_013BB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013D5C70 mov eax, dword ptr fs:[00000030h]2_2_013D5C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468C14 mov eax, dword ptr fs:[00000030h]2_2_01468C14
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013B746D mov eax, dword ptr fs:[00000030h]2_2_013B746D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CA44B mov eax, dword ptr fs:[00000030h]2_2_013CA44B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394CB0 mov eax, dword ptr fs:[00000030h]2_2_01394CB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CD4B0 mov eax, dword ptr fs:[00000030h]2_2_013CD4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468CD6 mov eax, dword ptr fs:[00000030h]2_2_01468CD6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013A849B mov eax, dword ptr fs:[00000030h]2_2_013A849B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139649B mov eax, dword ptr fs:[00000030h]2_2_0139649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139649B mov eax, dword ptr fs:[00000030h]2_2_0139649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416CF0 mov eax, dword ptr fs:[00000030h]2_2_01416CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416CF0 mov eax, dword ptr fs:[00000030h]2_2_01416CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01416CF0 mov eax, dword ptr fs:[00000030h]2_2_01416CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01391480 mov eax, dword ptr fs:[00000030h]2_2_01391480
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_014514FB mov eax, dword ptr fs:[00000030h]2_2_014514FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01454496 mov eax, dword ptr fs:[00000030h]2_2_01454496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392CDB mov eax, dword ptr fs:[00000030h]2_2_01392CDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01469CB3 mov eax, dword ptr fs:[00000030h]2_2_01469CB3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BB73D mov eax, dword ptr fs:[00000030h]2_2_013BB73D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01396730 mov eax, dword ptr fs:[00000030h]2_2_01396730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CE730 mov eax, dword ptr fs:[00000030h]2_2_013CE730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C3F33 mov eax, dword ptr fs:[00000030h]2_2_013C3F33
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01451751 mov eax, dword ptr fs:[00000030h]2_2_01451751
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01394F2E mov eax, dword ptr fs:[00000030h]2_2_01394F2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01425F5F mov eax, dword ptr fs:[00000030h]2_2_01425F5F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01468F6A mov eax, dword ptr fs:[00000030h]2_2_01468F6A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013C4710 mov eax, dword ptr fs:[00000030h]2_2_013C4710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BF716 mov eax, dword ptr fs:[00000030h]2_2_013BF716
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CA70E mov eax, dword ptr fs:[00000030h]2_2_013CA70E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0146070D mov eax, dword ptr fs:[00000030h]2_2_0146070D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0142FF10 mov eax, dword ptr fs:[00000030h]2_2_0142FF10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01396F60 mov eax, dword ptr fs:[00000030h]2_2_01396F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AFF60 mov eax, dword ptr fs:[00000030h]2_2_013AFF60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013BE760 mov eax, dword ptr fs:[00000030h]2_2_013BE760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013CDF4C mov eax, dword ptr fs:[00000030h]2_2_013CDF4C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_013AEF40 mov eax, dword ptr fs:[00000030h]2_2_013AEF40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_0139A745 mov eax, dword ptr fs:[00000030h]2_2_0139A745
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exeCode function: 2_2_01392FB0 mov eax, dword ptr fs:[00000030h]2_2_01392FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara matchFile source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara matchFile source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.386d620.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.381da00.3.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 11 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 11 | NTDS | System Information Discovery 112 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 41 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 12 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | 37% | Virustotal | | Browse
          SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | 30% | ReversingLabs | Win32.Trojan.AgentTesla |
          SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe | 100% | Joe Sandbox ML | |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          2.2.SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label | Link
          www.rizrvd.com/bw82/ | 0% | Avira URL Cloud | safe |

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.rizrvd.com/bw82/ | true | Avira URL Cloud: safe | low

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp | false | | high
          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe, 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp | false | | high

              Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox Version:31.0.0 Emerald
              Analysis ID:356587
              Start date:23.02.2021
              Start time:11:49:30
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 6m 10s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:SecuriteInfo.com.Trojan.GenericKDZ.73120.139.15119 (renamed file extension from 15119 to exe)
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:4
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@3/1@0/0
              EGA Information:Failed
              HDC Information:
              • Successful, ratio: 2.9% (good quality ratio 2.9%)
              • Quality average: 72.5%
              • Quality standard deviation: 28.3%
              HCA Information:
              • Successful, ratio: 99%
              • Number of executed functions: 49
              • Number of non-executed functions: 240
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Stop behavior analysis, all processes terminated
              Warnings:
              • Exclude process from analysis (whitelisted): taskhostw.exe, svchost.exe

              Simulations

              Behavior and APIs

              Time | Type | Description
              11:50:25 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe modified

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASN

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe.log
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1314
              Entropy (8bit):5.350128552078965
              Encrypted:false
              SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
              MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
              SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
              SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
              SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
              Malicious:true
              Reputation:high, very likely benign file
              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):6.784399876642811
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
              File size:1044992
              MD5:fac509b5175d3647945bdbf7ac010acc
              SHA1:048a87d3a938217f555da58662da7bfe59971a9e
              SHA256:44283ee3be33ad2077f6c8c18b1699f3d694cb936336523b299646f1a39ea8fc
              SHA512:e6965ff1f36abdbc2c8903c6263e941daf9cea7c7b27a9c7e4cca4d31bc931a3df6b0951014d5ab40985d31c698d1588a1943cf6862c290dc0e18198a7b29657
              SSDEEP:12288:U1adigOaHhw5Lk+hg2iwndbVSdmPFKvvu3LmAkT3fkGL6Dv6u/ZHmSYrRBmR2v:UbaAx3domFKuy5Tss+CuB6rRMR2
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....3`..............P......L........... ........@.. .......................`............@................................

              File Icon

              Icon Hash:71e8e4a8e8f634c0

              Static PE Info

              General

              Entrypoint:0x4fc2c2
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x603383DB [Mon Feb 22 10:13:47 2021 UTC]
              TLS Callbacks:
              CLR (.Net) Version:v4.0.30319
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al

              Data Directories

              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfc270 | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfe000 | 0x4904 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x104000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

              Sections

              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xfa2c8 | 0xfa400 | False | 0.531702672328 | data | 6.80894356258 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .rsrc | 0xfe000 | 0x4904 | 0x4a00 | False | 0.419499577703 | data | 4.59257754415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0x104000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              Name | RVA | Size | Type | Language | Country
              RT_ICON | 0xfe100 | 0x4228 | dBase III DBT, version number 0, next free block index 40 | |
              RT_GROUP_ICON | 0x102338 | 0x14 | data | |
              RT_VERSION | 0x10235c | 0x3a6 | data | |
              RT_MANIFEST | 0x102714 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

              Imports

              DLL | Import
              mscoree.dll | _CorExeMain

              Version Infos

              Description | Data
              Translation | 0x0000 0x04b0
              LegalCopyright | Copyright 2017 Robert B. Cialdini
              Assembly Version | 43.338.0.0
              InternalName | CLRSurrogateEntry.exe
              FileVersion | 43.338.0.0
              CompanyName | Robert B. Cialdini
              LegalTrademarks |
              Comments |
              ProductName | Thesis Nana
              ProductVersion | 43.338.0.0
              FileDescription | Thesis Nana
              OriginalFilename | CLRSurrogateEntry.exe

              Network Behavior

              No network behavior found

              System Behavior

              General

              Start time:11:50:24
              Start date:23/02/2021
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe'
              Imagebase:0x230000
              File size:1044992 bytes
              MD5 hash:FAC509B5175D3647945BDBF7AC010ACC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.224800988.00000000036E9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.224526375.00000000026E1000.00000004.00000001.sdmp, Author: Joe Security
              Reputation:low

              General

              Start time:11:50:26
              Start date:23/02/2021
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKDZ.73120.139.exe
              Imagebase:0x770000
              File size:1044992 bytes
              MD5 hash:FAC509B5175D3647945BDBF7AC010ACC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              Reputation:low

              Disassembly

              Code Analysis

                Executed Functions

                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                • Source File: 00000000.00000002.226373457.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0264BE06
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0264DD8A
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0264DD8A
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02646E5F
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02646E5F
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02646E5F
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0264BE81,00000800,00000000,00000000), ref: 0264C092
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0264BE81,00000800,00000000,00000000), ref: 0264C092
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • FindCloseChangeNotification.KERNELBASE(?), ref: 058432B0
                Memory Dump Source
                • Source File: 00000000.00000002.226373457.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • PostMessageW.USER32(?,?,?,?), ref: 058413C5
                Memory Dump Source
                • Source File: 00000000.00000002.226373457.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • FindCloseChangeNotification.KERNELBASE(?), ref: 058432B0
                Memory Dump Source
                • Source File: 00000000.00000002.226373457.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 0264BE06
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • PostMessageW.USER32(?,?,?,?), ref: 058413C5
                Memory Dump Source
                • Source File: 00000000.00000002.226373457.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • SetWindowLongW.USER32(?,?,?), ref: 0264DF1D
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • SetWindowLongW.USER32(?,?,?), ref: 0264DF1D
                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.224219662.00000000009ED000.00000040.00000001.sdmp, Offset: 009ED000, based on PE: false
                • Source File: 00000000.00000002.224233932.00000000009FD000.00000040.00000001.sdmp, Offset: 009FD000, based on PE: false

                Non-executed Functions

                Memory Dump Source
                • Source File: 00000000.00000002.224343952.0000000002640000.00000040.00000001.sdmp, Offset: 02640000, based on PE: false

                Executed Functions

                C-Code - Quality: 37%
                			E0041825C(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                				void* _t19;
                				void* _t29;
                				void* _t30;
                				intOrPtr* _t31;
                				void* _t33;
                
                				_t14 = _a4;
                				_t31 = _a4 + 0xc48;
                				E00418DB0(_t29, _t14, _t31,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
                				_t6 =  &_a32; // 0x413d42
                				_t12 =  &_a8; // 0x413d42
                				_t19 =  *((intOrPtr*)( *_t31))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t30, _t33, _t33); // executed
                				return _t19;
                			}

                APIs
                • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID: B=A$B=A
                • API String ID: 2738559852-2767357659
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 37%
                			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                				void* _t18;
                				void* _t27;
                				intOrPtr* _t28;
                
                				_t13 = _a4;
                				_t28 = _a4 + 0xc48;
                				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                				_t6 =  &_a32; // 0x413d42
                				_t12 =  &_a8; // 0x413d42
                				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                				return _t18;
                			}

                APIs
                • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID: B=A$B=A
                • API String ID: 2738559852-2767357659
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: 9bae0eb3ffb6eb6bfd393633e59707b62ba83f9c16c8488c96cd8951ec9eeb85
                • Instruction ID: d5671a957fbf69f59e2bb38e16f93d8646bb4d8f966cbc3ae5f6cbc16e4c9709
                • Opcode Fuzzy Hash: 9bae0eb3ffb6eb6bfd393633e59707b62ba83f9c16c8488c96cd8951ec9eeb85
                • Instruction Fuzzy Hash: 9D01BBB2201104ABCB48CF99DC84DDB77A9AF8C754F15824CFA1D97241C630E851CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: AllocateMemoryVirtual
                • String ID:
                • API String ID: 2167126740-0
                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 4117a5e44119038a2029430489f3d9cd0bc453ede46ecf2d186ff3e06695392c
                • Instruction ID: bb598f78bcf0176fa49fecb9546cb1be327a81a223d3691381f11588243d921a
                • Opcode Fuzzy Hash: 4117a5e44119038a2029430489f3d9cd0bc453ede46ecf2d186ff3e06695392c
                • Instruction Fuzzy Hash: 35E0C276200210BFD710DFA4CC84EE77B68EF44320F10805DFA1D9B281C530E60087E0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 26ab9c0202089c6b17c0b58bcc9366cca8e040da6df79a54c307bc956d641c63
                • Instruction ID: 26fcfd75a77db23a5713dfd4120d0bcac176557a8c8416fb8daeeceb0208c26b
                • Opcode Fuzzy Hash: 26ab9c0202089c6b17c0b58bcc9366cca8e040da6df79a54c307bc956d641c63
                • Instruction Fuzzy Hash: E090027520111413D511619945087170049A7D02C5F91C422A441455CDD6968966B161
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 02f4586bfcef8239e2e631ebcd6bde9c196b191415d8f2f3bb52c246a185c668
                • Instruction ID: 54c3e9f11689d9b5b4e6c00dd5c4c2186d45c601d1bb261a10672703ed1f61cc
                • Opcode Fuzzy Hash: 02f4586bfcef8239e2e631ebcd6bde9c196b191415d8f2f3bb52c246a185c668
                • Instruction Fuzzy Hash: 5090027520111802D5807199440865A0045A7D1385F91C025A4015658DCA558A6D77E1
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 9f523b3f1632378b770b6cc5b2e681cc5029101f8ca457681fc54a99a3b395af
                • Instruction ID: f3e0a75b0fe2fc37b9a25328b5a05568447942314dac6cfcaf2810d4dae0d688
                • Opcode Fuzzy Hash: 9f523b3f1632378b770b6cc5b2e681cc5029101f8ca457681fc54a99a3b395af
                • Instruction Fuzzy Hash: 8F90027520119802D5106199840875A0045A7D0385F55C421A841465CDC6D588A57161
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: e5f8a988d7cd89ffb75cea3f88c3f0f8b7b89ac006002588264c5d77a68c2b84
                • Instruction ID: d41a9c7de6d04d4043a693d86243ebe6a10a010fef5121193527e206ca55f3cb
                • Opcode Fuzzy Hash: e5f8a988d7cd89ffb75cea3f88c3f0f8b7b89ac006002588264c5d77a68c2b84
                • Instruction Fuzzy Hash: DBE092712402046BD714DFA5DC44ED73799EF88350F148149FD0C9B351D531E911CAF0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                Memory Dump Source
                • Source File: 00000002.00000002.224039712.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1fce25c70f2118332cf4e0821aa24b5ce52709c7b69f22c39e158dea3cd0a445
                • Instruction ID: 99800679f90339b0a6bb96363fc95cacbb0914aced7fb2ad4cb6516200a71e9e
                • Opcode Fuzzy Hash: 1fce25c70f2118332cf4e0821aa24b5ce52709c7b69f22c39e158dea3cd0a445
                • Instruction Fuzzy Hash: A9B09B729015D5C5DA11D7B4560C727794077D0759F16C061D1020645B4778C495F7B5
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Strings
                • *** then kb to get the faulting stack, xrefs: 0144B51C
                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0144B314
                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0144B484
                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0144B2DC
                • *** Inpage error in %ws:%s, xrefs: 0144B418
                • The instruction at %p tried to %s , xrefs: 0144B4B6
                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0144B2F3
                • *** An Access Violation occurred in %ws:%s, xrefs: 0144B48F
                • The critical section is owned by thread %p., xrefs: 0144B3B9
                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0144B39B
                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0144B38F
                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0144B476
                • *** enter .cxr %p for the context, xrefs: 0144B50D
                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0144B305
                • The instruction at %p referenced memory at %p., xrefs: 0144B432
                • The resource is owned shared by %d threads, xrefs: 0144B37E
                • Go determine why that thread has not released the critical section., xrefs: 0144B3C5
                • read from, xrefs: 0144B4AD, 0144B4B2
                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0144B3D6
                • an invalid address, %p, xrefs: 0144B4CF
                • write to, xrefs: 0144B4A6
                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0144B53F
                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0144B323
                • *** Resource timeout (%p) in %ws:%s, xrefs: 0144B352
                • This failed because of error %Ix., xrefs: 0144B446
                • <unknown>, xrefs: 0144B27E, 0144B2D1, 0144B350, 0144B399, 0144B417, 0144B48E
                • *** enter .exr %p for the exception record, xrefs: 0144B4F1
                • The resource is owned exclusively by thread %p, xrefs: 0144B374
                • a NULL pointer, xrefs: 0144B4E0
                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0144B47D
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                • API String ID: 0-108210295
                • Opcode ID: 3d0e6fc4642e7fac6a71af7511ded5a7e0343f6a5c3f7f173c5ea327c2b1d4b9
                • Instruction ID: ab8e26460f285163f144ef9fee282f43679565889e45ad990bc66c68640e7e53
                • Opcode Fuzzy Hash: 3d0e6fc4642e7fac6a71af7511ded5a7e0343f6a5c3f7f173c5ea327c2b1d4b9
                • Instruction Fuzzy Hash: 2E813335A40220FFEB226B4BDC49EBB3B25EFA6A59F40405AF5045F372D671C442D6B2
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 44%
                			E01451C06() {
                				signed int _t27;
                				char* _t104;
                				char* _t105;
                				intOrPtr _t113;
                				intOrPtr _t115;
                				intOrPtr _t117;
                				intOrPtr _t119;
                				intOrPtr _t120;
                
                				_t105 = 0x13748a4;
                				_t104 = "HEAP: ";
                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                					_push(_t104);
                					E0139B150();
                				} else {
                					E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                				}
                				_push( *0x148589c);
                				E0139B150("Heap error detected at %p (heap handle %p)\n",  *0x14858a0);
                				_t27 =  *0x1485898; // 0x0
                				if(_t27 <= 0xf) {
                					switch( *((intOrPtr*)(_t27 * 4 +  &M01451E96))) {
                						case 0:
                							_t105 = "heap_failure_internal";
                							goto L21;
                						case 1:
                							goto L21;
                						case 2:
                							goto L21;
                						case 3:
                							goto L21;
                						case 4:
                							goto L21;
                						case 5:
                							goto L21;
                						case 6:
                							goto L21;
                						case 7:
                							goto L21;
                						case 8:
                							goto L21;
                						case 9:
                							goto L21;
                						case 0xa:
                							goto L21;
                						case 0xb:
                							goto L21;
                						case 0xc:
                							goto L21;
                						case 0xd:
                							goto L21;
                						case 0xe:
                							goto L21;
                						case 0xf:
                							goto L21;
                					}
                				}
                				L21:
                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                					_push(_t104);
                					E0139B150();
                				} else {
                					E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                				}
                				_push(_t105);
                				E0139B150("Error code: %d - %s\n",  *0x1485898);
                				_t113 =  *0x14858a4; // 0x0
                				if(_t113 != 0) {
                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                						_push(_t104);
                						E0139B150();
                					} else {
                						E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                					}
                					E0139B150("Parameter1: %p\n",  *0x14858a4);
                				}
                				_t115 =  *0x14858a8; // 0x0
                				if(_t115 != 0) {
                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                						_push(_t104);
                						E0139B150();
                					} else {
                						E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                					}
                					E0139B150("Parameter2: %p\n",  *0x14858a8);
                				}
                				_t117 =  *0x14858ac; // 0x0
                				if(_t117 != 0) {
                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                						_push(_t104);
                						E0139B150();
                					} else {
                						E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                					}
                					E0139B150("Parameter3: %p\n",  *0x14858ac);
                				}
                				_t119 =  *0x14858b0; // 0x0
                				if(_t119 != 0) {
                					L41:
                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                						_push(_t104);
                						E0139B150();
                					} else {
                						E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                					}
                					_push( *0x14858b4);
                					E0139B150("Last known valid blocks: before - %p, after - %p\n",  *0x14858b0);
                				} else {
                					_t120 =  *0x14858b4; // 0x0
                					if(_t120 != 0) {
                						goto L41;
                					}
                				}
                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                					_push(_t104);
                					E0139B150();
                				} else {
                					E0139B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                				}
                				return E0139B150("Stack trace available at %p\n", 0x14858c0);
                			}












                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                • API String ID: 0-2897834094
                • Opcode ID: 70e2ac1da077a2bcb5f86d82b44b83e10ecef34bcc75a5b5964c84598f9abb96
                • Instruction ID: b08374e530410c0a172154f25cffa8f9fb3d8e4e68a7b28e977e517b00a3ac9a
                • Opcode Fuzzy Hash: 70e2ac1da077a2bcb5f86d82b44b83e10ecef34bcc75a5b5964c84598f9abb96
                • Instruction Fuzzy Hash: EB61E776521245EFD7A2B74DE485F29B3A4EB04D38B09803FF80D5F332D67598418B1A
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                • API String ID: 0-3591852110
                • Opcode ID: 4c90e0bf6dcccc1e556c1adb40fb0379c0e0959c13dd54ecd81ecc1c9c07482b
                • Instruction ID: 0b34098070d1cc4db1ed73a47202279e22e23c122e1f7822b7271cc9c61c0aa8
                • Opcode Fuzzy Hash: 4c90e0bf6dcccc1e556c1adb40fb0379c0e0959c13dd54ecd81ecc1c9c07482b
                • Instruction Fuzzy Hash: 9212EF70200642DFEB65DF2DC495BBBBBE1EF44714F18845AE8868B762E774E881CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                • API String ID: 0-1357697941
                • Opcode ID: bc0bf2c9d3d1d806aa69290a8f3b574fcc0001fad2203cd973e39a432d267747
                • Instruction ID: 0bfed5cc78269cd55ec7db2b606864c78fce2c44f07fb0bc6ace8ee3bc02cf40
                • Opcode Fuzzy Hash: bc0bf2c9d3d1d806aa69290a8f3b574fcc0001fad2203cd973e39a432d267747
                • Instruction Fuzzy Hash: 48F16570600646EFDB61DF6DC440BAAFBF5FF05708F08802AE9458B762E774A985CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-523794902
                • Opcode ID: 8ee2b870ccc848a4022ddc3a7bed48e3bae5994274a7b8aad5ecd6ec0f481d43
                • Instruction ID: 45b4206bc78f5452389c02f82ef386fc958e6726c7b68ef0b0c8c1f11255a80e
                • Opcode Fuzzy Hash: 8ee2b870ccc848a4022ddc3a7bed48e3bae5994274a7b8aad5ecd6ec0f481d43
                • Instruction Fuzzy Hash: 37421170208B419FD716CF29C484B6BBBE5FF84708F04496EE6868BBA2E774D941CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                • API String ID: 0-1745908468
                • Opcode ID: 6fd40eaa1b79909f085b59747175e0b2fa393852529118d0754fd858becc7f48
                • Instruction ID: 55d110c3931e73fcfbfaa624ef59363bf361eb85d59bb4f40e863a400399f200
                • Opcode Fuzzy Hash: 6fd40eaa1b79909f085b59747175e0b2fa393852529118d0754fd858becc7f48
                • Instruction Fuzzy Hash: 13911071600741DFDB62DFA8D450AAEBBF2BF59B14F18801EE9465B362C7729842DB00
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • WindowsExcludedProcs, xrefs: 013A3D6F
                • Kernel-MUI-Language-SKU, xrefs: 013A3F70
                • Kernel-MUI-Language-Disallowed, xrefs: 013A3E97
                • Kernel-MUI-Language-Allowed, xrefs: 013A3DC0
                • Kernel-MUI-Number-Allowed, xrefs: 013A3D8C
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                • API String ID: 0-258546922
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                • API String ID: 0-188067316
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01402403
                • HEAP[%wZ]: , xrefs: 014022D7, 014023E7
                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 014022F3
                • HEAP: , xrefs: 014022E6, 014023F6
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                • API String ID: 0-1657114761
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                • API String ID: 2994545307-2586055223
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                • API String ID: 2994545307-336120773
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                • API String ID: 0-4256168463
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-3610490719
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0140A0CD
                • HEAP[%wZ]: , xrefs: 0140A0AD
                • HEAP: , xrefs: 0140A0BA
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                • API String ID: 0-1340214556
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0144256F
                • HEAP[%wZ]: , xrefs: 0144254F
                • HEAP: , xrefs: 0144255C
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                • API String ID: 0-3815128232
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 014042BA
                • HEAP[%wZ]: , xrefs: 014042A2
                • HEAP: , xrefs: 014042AF
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                • API String ID: 0-1596344177
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0140BE0F
                • H2, xrefs: 013CFAF1
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$H2
                • API String ID: 0-2315515531
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: @$TargetPath
                • API String ID: 0-4164548946
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: 0$Flst
                • API String ID: 0-758220159
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • RtlpInitializeAssemblyStorageMap, xrefs: 0140B0B2
                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0140B0B7
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                • API String ID: 0-2653619699
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013BB9A5
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID:
                • API String ID: 885266447-0
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: GL[w
                • API String ID: 0-3374951228
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: PATH
                • API String ID: 0-1036084923
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: RTL: Re-Waiting
                • API String ID: 0-316354757
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: `
                • API String ID: 0-2679148245
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013C40E8
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                • API String ID: 0-996340685
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: WindowsExcludedProcs
                • API String ID: 0-3583428290
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: Actx
                • API String ID: 0-89312691
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • Critical error detected %lx, xrefs: 01448E21
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: Critical error detected %lx
                • API String ID: 0-802127002
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0142FF60
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                • API String ID: 0-1911121157
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                • Instruction ID: bb2ac7fc9b1258e8a2a8d5f8310f812495414b51568ac92d75c54fe18d0b0ed7
                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                • Instruction Fuzzy Hash: 77310971A0154BBFDB15EBB8C4C0BEAFB58BF52208F04815AD61C5B741EB346A4AC7E1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39ad10f527a1bd41f9c8c3e1e1d98e7b1d2a063f36812b598b044e5ce05590d4
                • Instruction ID: 0680259c3a6b2bddd6eca156e4a6b4cb3cbfce0c617c10e8a607034de6595262
                • Opcode Fuzzy Hash: 39ad10f527a1bd41f9c8c3e1e1d98e7b1d2a063f36812b598b044e5ce05590d4
                • Instruction Fuzzy Hash: 7231A2726047519BC320DF2CC980A6BB7E5BF88700F054A2EF995977A4E730E904C7A6
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df8604b92e40698406ab3b068be2baebee001d333ecbf68b4e3cba760bbe7030
                • Instruction ID: 0faca76b5e6fa38a446e7143fc345990a2474fdc10cdf4adb77215ee7889a951
                • Opcode Fuzzy Hash: df8604b92e40698406ab3b068be2baebee001d333ecbf68b4e3cba760bbe7030
                • Instruction Fuzzy Hash: 0F41F5707057458FDB22CBB884103AFBAF2AF21308F14452EC086AB391DB756D05C7A6
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c3af973ed7c8645c0dbae2e4054098d0f0bf15970fa606d66b4cc1f29cf761d
                • Instruction ID: a71f466174de25909747eb8bf504fdab95a2f7f94301493c09411b60661ab5f0
                • Opcode Fuzzy Hash: 7c3af973ed7c8645c0dbae2e4054098d0f0bf15970fa606d66b4cc1f29cf761d
                • Instruction Fuzzy Hash: D6319C7150A312CFDB20EF18D88085ABBE1FF85A14F54896EE4988B361E730ED05CB92
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3a995d8a6f3758fc459e8e56642739148cd0e43d52262b17fb91d2f69a9e40d
                • Instruction ID: 2153d4a073c3ac7b6d4823ffde5c0dff6f2289bb2270fec38ae542c5e0eaf6ba
                • Opcode Fuzzy Hash: e3a995d8a6f3758fc459e8e56642739148cd0e43d52262b17fb91d2f69a9e40d
                • Instruction Fuzzy Hash: 1931B072E0022AAFDB21DEADC880BAEBBF9FB04314F014525E915E7650D6709A058BD0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d4bc15867d035203d08ce836965b258ddf00ba926e145252d846be94458087a
                • Instruction ID: 574b4094efaa43b44ace79bec6e2607868c24e37a30ee9d2f7e4dd96242aadb4
                • Opcode Fuzzy Hash: 2d4bc15867d035203d08ce836965b258ddf00ba926e145252d846be94458087a
                • Instruction Fuzzy Hash: 2731F631A00216ABCB52AF99D841B6FBBB8EF54754F20016AF905DB362E770DD018790
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b24b3619832ecb0adca494a0a395a2d844c03794222e85af62fa8d7470af5ed4
                • Instruction ID: 0a81dba1e761cb061c5bfab17d955ff9abd2bfc872cb59c44b7dc2e588939be8
                • Opcode Fuzzy Hash: b24b3619832ecb0adca494a0a395a2d844c03794222e85af62fa8d7470af5ed4
                • Instruction Fuzzy Hash: 3E31E4B1600209DFC721CF58D8A0F6E7BFAFB84B59F24095EE21587668E7709D01CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a5b74fb0d662d10fde28a32b38fab426569ea77e46815b74c283d2e1080dea2
                • Instruction ID: 0d053d0001aa4c129f869408006eb328358a9fd7d29a4572576898ab92102712
                • Opcode Fuzzy Hash: 5a5b74fb0d662d10fde28a32b38fab426569ea77e46815b74c283d2e1080dea2
                • Instruction Fuzzy Hash: 37317EB16057018FE321DF1EC841B26BBE9FB98B14F05497EE999973A1D770E804CB92
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0bbf5a51859bfe2ccdc07ec9ff2aabf8618e5f69ebaefc39f394a4d0ac6d553c
                • Instruction ID: 8beb8de4c1277c7c157eb927435d633086119437ba5b002023a5816340bb58ef
                • Opcode Fuzzy Hash: 0bbf5a51859bfe2ccdc07ec9ff2aabf8618e5f69ebaefc39f394a4d0ac6d553c
                • Instruction Fuzzy Hash: 9D31D771A0011AABDF11AF68CD81ABFB7B9EF04708F05456DF905E7250EB789D11DBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97c27056ffacff106bf9dcdfd053e26e1909e95c977d69915a2bc98d1a42f4ec
                • Instruction ID: ab4693974b8a19aeb05dc382bfe597f01733ad032bdf6cb090cb1c3b3832a625
                • Opcode Fuzzy Hash: 97c27056ffacff106bf9dcdfd053e26e1909e95c977d69915a2bc98d1a42f4ec
                • Instruction Fuzzy Hash: D53134332053419FD732AF19D980B2ABBE8FF81718F40452EE9565BA51C770D804CB86
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 655fbac8f1fcc9fccf2bf7be62353649d6b78faf8743fa907c10e0f7c58f63a1
                • Instruction ID: ae55dd399ede94944eaf4df11686261e5f4acb9d6566e0f355c88adbf94d2a87
                • Opcode Fuzzy Hash: 655fbac8f1fcc9fccf2bf7be62353649d6b78faf8743fa907c10e0f7c58f63a1
                • Instruction Fuzzy Hash: DA31C435611A0AEFDB12AF28DA80A9EBBA5FF44758F005419E90147F61EB35EC30CB81
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52fcb8589383a30b0b0b25292c935327112546b328e20d3bf38b12ddb5d2690d
                • Instruction ID: c8b5503e7dc99c98a4239d25954c14f5f4d01e3ce355a7515a19e8c8920a1526
                • Opcode Fuzzy Hash: 52fcb8589383a30b0b0b25292c935327112546b328e20d3bf38b12ddb5d2690d
                • Instruction Fuzzy Hash: 3B319175A14249EFD704CF58D845F9ABBE8FB08718F14826AF904CB741D631ED80CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 778b67c4baf155d3df650920cfd4a45268a14171694aa481fd043b85b9e4f875
                • Instruction ID: c3747f2aef5626df964a9be0bbefd700c4ef0c2efb69cb6c2ccb56873e3bf330
                • Opcode Fuzzy Hash: 778b67c4baf155d3df650920cfd4a45268a14171694aa481fd043b85b9e4f875
                • Instruction Fuzzy Hash: F6313172A006168BCB51EF58D4817AAB3B8FF18758F06807DED44DF24AEB34DD068B81
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d26c3f6b09c55d4f358c33b10222adcb9e4a422f2422011293fd1e7586e04e0
                • Instruction ID: 6e39a05e751b1e0de8e91177bb4bea273e9c838b9acf9886f2893385ab20237b
                • Opcode Fuzzy Hash: 9d26c3f6b09c55d4f358c33b10222adcb9e4a422f2422011293fd1e7586e04e0
                • Instruction Fuzzy Hash: 7331C6B5A01246DFEF25DF6CC4887ACBBF5BB9835CF18814EC50967251C334A980CB52
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                • Instruction ID: a5f357c57fb3ac43e9abdf35853c953e385b32d276fc9c15344cfb23c7f69ff2
                • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                • Instruction Fuzzy Hash: 3F319A31600649EFD721CF69C880F6AB7B9EF94758F2005A9EA158B690EB30EE01CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                • Instruction ID: 78bcd76fcb86ac70728b847cd4ab11fa879bd0f8c5d9a43114143e5ea9f24f37
                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                • Instruction Fuzzy Hash: 78219571600119FFD711CF6DCC80EABBBBDEF85A58F114059E609DB651D634AD01EB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d5bcb298e8a00a7dbd8be4dd395eb0837e1fb273f9f73e7ca11811becd45ea2
                • Instruction ID: e704a4e7d8179434270013261d237cee8bf0d2147aa2065817af18a78e82056e
                • Opcode Fuzzy Hash: 7d5bcb298e8a00a7dbd8be4dd395eb0837e1fb273f9f73e7ca11811becd45ea2
                • Instruction Fuzzy Hash: 27217139241681CFE726CB1DC4D4BB677ACEB51749F0844ABEA8287A91E739D881C710
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 83e8c035a4f5e7e83ab2f176305929182063f3f4eccc64d0aa882dc34404d91c
                • Instruction ID: eab5bd56d2b6a953290bd532c3d854491cede810c787aba72044ed6a196454ec
                • Opcode Fuzzy Hash: 83e8c035a4f5e7e83ab2f176305929182063f3f4eccc64d0aa882dc34404d91c
                • Instruction Fuzzy Hash: 1A318E31601B05CFD726CF28C880B9BB7F5FF89718F14456DE69687AA0EB35A801CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9dc7fc17b9cb6b9f4b2fba3fd3af7248f5611dec4fcade7f8ca34296e3d27292
                • Instruction ID: 67003e2b4040f3507033d37e05ddf9c7994bd199a9b9f0a498c0629fd32a7095
                • Opcode Fuzzy Hash: 9dc7fc17b9cb6b9f4b2fba3fd3af7248f5611dec4fcade7f8ca34296e3d27292
                • Instruction Fuzzy Hash: FA219A72A00645AFD711DB6CD980F6AB7A8FF48744F14006AFA05CBBA1E634ED11CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0894da9bd4ebda9ba92480977bb4a8ca4486b7a3ded090de0b459d049af6610
                • Instruction ID: 30313918a37bce847d9861a4b5b0cd45226b435175a7341db73492904d551d52
                • Opcode Fuzzy Hash: d0894da9bd4ebda9ba92480977bb4a8ca4486b7a3ded090de0b459d049af6610
                • Instruction Fuzzy Hash: EF21DB31100606DFEF36AA2DDA00B2B77AAFB5032CF10471DE55656AF2E734E942CB95
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                • Instruction ID: 9cecce19f605debba743c8b4d31513a856dd54f7603ed1c5a2bcdf0c2edbe28b
                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                • Instruction Fuzzy Hash: 35218372A00209EFDB21DF69D444BAAFBF8EB54718F14847AEA45A7610D330ED00CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39a04480a3848a40636941f51c06694989fbe96904295f215b196a60fa61157c
                • Instruction ID: b59a2658bee19371648edab15c27e331c3e23acecd1b2d79632678829d89a3bd
                • Opcode Fuzzy Hash: 39a04480a3848a40636941f51c06694989fbe96904295f215b196a60fa61157c
                • Instruction Fuzzy Hash: D0218072A00119AFDB11DF58DD81B6EBBBDFB44708F15416CE605AB261D371ED118B90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                • Instruction ID: b0e821fa5360a947e3aaf2447d29c565edb7716a2b89dbcf27bc7d2136c7683f
                • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                • Instruction Fuzzy Hash: 3A31C171900665EFDF28CF68C680679F7F8FF44218F148669C86997A60E770A942CF40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 71c0fab483bd1cea3211df20c3bfb0771fe044a2ec01875c7cafe7579754e955
                • Instruction ID: 8c216a68e931a3e14170c652bdb91d9b2ce33865a56253e10881eda81043e344
                • Opcode Fuzzy Hash: 71c0fab483bd1cea3211df20c3bfb0771fe044a2ec01875c7cafe7579754e955
                • Instruction Fuzzy Hash: 3D2134724003459BD311DF2CC944BABBBECEF91684F05095BFA40C7264E774D94AC7A2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b244eb7b4c29e45287d8d300ce829467e346a2ad757676284048ad6b223c9704
                • Instruction ID: c576e1a511423bed531d041b1b4576ae51fafc7360902b3a95801de7485c9184
                • Opcode Fuzzy Hash: b244eb7b4c29e45287d8d300ce829467e346a2ad757676284048ad6b223c9704
                • Instruction Fuzzy Hash: 1A2199726056819BF722576C8D44F253F98EF417BCF290769FB219BAE2DB689840C211
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                • Instruction ID: 0f6ce92cab8cc858e044d875221b2bacf3dacd589f0099fc0827b7e2aa6dade4
                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                • Instruction Fuzzy Hash: EC21F236204200AFD705DF18C880B6ABBA9EBD4754F04866EF9959B3A5D634DD09CB92
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dbefb6ee49b32c4e3e434eed0dc863049902f3510a6096090fb5b009448b1
                • Instruction ID: 3c61ea9b0812143c54a4cfda9e4612dd5fed3bf4d946c643dcd07fb46d16f649
                • Opcode Fuzzy Hash: 153dbefb6ee49b32c4e3e434eed0dc863049902f3510a6096090fb5b009448b1
                • Instruction Fuzzy Hash: 051124719413059BCF259F2CC450BBABBE6EB15618F14016BFA469BB81E631C881C650
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                • Instruction ID: 14af43b732fa4ccee192fb9c6ef7800f624548ce71f4a5eeb62535f21d5a5c90
                • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                • Instruction Fuzzy Hash: 8E11E67360060AFFEB229E5CD881F9ABBBCEB84768F104029EA059B540D671EE44CB54
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                • Instruction ID: 30b723677cca1708a356e1a561274b976e19e6a33f8adb196f8b40ba907b60ac
                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                • Instruction Fuzzy Hash: B6217C72A00645DBD731CF5EC584A66F7EAEB94E14F24817EE95987A25D731EC00CF80
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b3a55eb3037143116c1676001e6370224a23568ae8402d11e0a93840f622eb5
                • Instruction ID: 384474ca4813533422c47645cffc18c89f547b83486df00d5539b8357928383b
                • Opcode Fuzzy Hash: 8b3a55eb3037143116c1676001e6370224a23568ae8402d11e0a93840f622eb5
                • Instruction Fuzzy Hash: 43216A72600600DFD775CF2CC880B6AB7E9FB44A58F10882DE59ECBA52DB31AC40DB60
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b7851e17a725c4d0d2caeb2aa78cd5189c7c304e7e735b46fb3388597bdc4c3
                • Instruction ID: 3403b979a46d8efd424cdaa8e3f4d0e9541d58df3961b27635891af9493591b5
                • Opcode Fuzzy Hash: 7b7851e17a725c4d0d2caeb2aa78cd5189c7c304e7e735b46fb3388597bdc4c3
                • Instruction Fuzzy Hash: B711E436241A618FE3278B2DE0E077577F4EB01748F08046AE98287791E379DC85C751
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef302f5e71fb0cc96e09bafed7c0fad844dc49ac79d1cb3b71bbdbe35cedf746
                • Instruction ID: 9564b5603916ccc02301cfdb2f511bb8e641295ed9b41cd2cdf9d889bb5baaed
                • Opcode Fuzzy Hash: ef302f5e71fb0cc96e09bafed7c0fad844dc49ac79d1cb3b71bbdbe35cedf746
                • Instruction Fuzzy Hash: 7B116F333111115BCB29DA198D81A6FB396EBC5774B35013EDD16DB7D0D9315C02C794
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d762356ff75df60fd0b8de49ab605576600fb57575eb2360e77739f7001b93f
                • Instruction ID: ba617576a62c81b327fd728d798de2ca368170dca0a59347e63793c098bc9429
                • Opcode Fuzzy Hash: 7d762356ff75df60fd0b8de49ab605576600fb57575eb2360e77739f7001b93f
                • Instruction Fuzzy Hash: 6F212A72041642DFC721EF6CCA81F59B7B9FF2870CF54466CA1499AAA1D734E941CB44
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                • Instruction ID: 3451d8bdf5108bff1fbc88113e069ebc7d17dee02c37f1fb5e86d2b3aeddd0d1
                • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                • Instruction Fuzzy Hash: 1111B6B5600304EFEB25DF64C844F66BBF9FB85318F14859DE4059B651EBB1AC42CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                • Instruction ID: 93ee2fc79ba21610722943678865187e3d2d8940002998ea5dfa55fa70763945
                • Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
                • Instruction Fuzzy Hash: 1911C433600519AFDB59CB59C805AAEFBB5EF94310F14826AEC45A7351EA31AE51CB80
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                • Instruction ID: 4434725bc6ad4a301811c5c783afeb99e0c37e2362226ae67288375d510a4c6b
                • Opcode Fuzzy Hash: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                • Instruction Fuzzy Hash: 48118E712016069FD729DF59C480B66BBF9FF85725F05816DF50A8B6A0E770EC01CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b145a12f633cf7493374903282e32b580c297841dc5240b2109fbb2266f5f07
                • Instruction ID: b620ab9ce85ddb893a9dba3722743240ee9cd748ebe7cb11345974e255c254bb
                • Opcode Fuzzy Hash: 7b145a12f633cf7493374903282e32b580c297841dc5240b2109fbb2266f5f07
                • Instruction Fuzzy Hash: 4C213870A01A12CFC725EF69D400A19BBF1FB56794BA8826EC115CB3B9DB319891CB10
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09b0391836e7f0e876d298c645cdaba3808d4f042450a432a28b6d14d1257fbb
                • Instruction ID: c32d1d3cf3cea1286f36c167c3e9b6cd11e679d64f2fdf1288b161b78c6033f6
                • Opcode Fuzzy Hash: 09b0391836e7f0e876d298c645cdaba3808d4f042450a432a28b6d14d1257fbb
                • Instruction Fuzzy Hash: 5911C436754644ABF326936DCD48F277B9CDF91B98F14006EFA419B6E1DAA4D8008261
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f056204981c480711805c712352c06a730be57eaf8ec1edc16a9da3585b5143
                • Instruction ID: e9f009df62e17bbb9fddfdfe47ef277c5b2b5d91f89654ea4a9161c6d8168c27
                • Opcode Fuzzy Hash: 9f056204981c480711805c712352c06a730be57eaf8ec1edc16a9da3585b5143
                • Instruction Fuzzy Hash: 4AF082B1A04259AFDB10EBB8E906E6EB7B8EF04708F040459BA05DB3D1EA74D900C795
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 261b1184b171f73bb6bb6f74524562a1991e27bd5946c33e022e8cc5a3e06255
                • Instruction ID: 4ed0479ce1d1ab4e19e84c3456e4ea894dd4d3699852fdadbfd3a5358db139dc
                • Opcode Fuzzy Hash: 261b1184b171f73bb6bb6f74524562a1991e27bd5946c33e022e8cc5a3e06255
                • Instruction Fuzzy Hash: D2F08272A05248AFDB14DBE9D846FAE77B4EF08704F000099EA05EB3D1E974DD00C755
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41698bdf1477205a7e4530dcff58d8502394da68edd9ac365c10d049ce1a2ceb
                • Instruction ID: abbf04828c00b10516dc51a69ccf4bbec5c6b291f4f3c07277e86c387c3d04e8
                • Opcode Fuzzy Hash: 41698bdf1477205a7e4530dcff58d8502394da68edd9ac365c10d049ce1a2ceb
                • Instruction Fuzzy Hash: B1F05E71A04259AFDB14EBACE905E6EB7B8EB44608F040459BA059B291EA34D900C759
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f0fad5c9acc8e71323104d98e85f6301bd1bcd41ac79ca61609b30906cce7681
                • Instruction ID: d5e3834ddedf3ec8fba2c6d58e9c42e454838d8ae550b5bab5a1806de3d3611e
                • Opcode Fuzzy Hash: f0fad5c9acc8e71323104d98e85f6301bd1bcd41ac79ca61609b30906cce7681
                • Instruction Fuzzy Hash: 05F0B435604149AADF02976CC8C0BFABF75EF8421EF540269DB51BB9E1F76898018785
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 714d16502f89fe70296bee87b9ee22090d2aac66d85536af49abe0b8d6c56b2c
                • Instruction ID: 88fc24c2d8c4f54c96b67affb0f7da8cd34561c4ce36f1c0bec7e9e385f19cf1
                • Opcode Fuzzy Hash: 714d16502f89fe70296bee87b9ee22090d2aac66d85536af49abe0b8d6c56b2c
                • Instruction Fuzzy Hash: 20F08271A05209AFDB04DBBCE945EAE77B8EF69208F10019AE915EB3D0EA34D900C755
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c13bcfc03b2855c175c592914d90759f42f5cf58848bb88062495875d5ad97f7
                • Instruction ID: c1ffc3c310965e745e36f1f794c53aa26d38af72871209d535b3c94a24671848
                • Opcode Fuzzy Hash: c13bcfc03b2855c175c592914d90759f42f5cf58848bb88062495875d5ad97f7
                • Instruction Fuzzy Hash: D7F0E23252978D8FDB76CB1CC284B22B7DAAB047BCF04546DE60587923C734EC45C640
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aeb3243a71477a298ec74cc01102c9e5e18716b03af22e751a3a9e2620f91d0b
                • Instruction ID: a06e1d817da5d1d443014ce1b81388e7e774e07bc1b01844300821168f154535
                • Opcode Fuzzy Hash: aeb3243a71477a298ec74cc01102c9e5e18716b03af22e751a3a9e2620f91d0b
                • Instruction Fuzzy Hash: E4F082729117A99FD732972CC148F11BBDC9B45AB8F154065E50987993C7A8E884C690
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a9f6cf21efc5f12de1f88029970f151b8de0c3f054e886725cb4e4ede05af621
                • Instruction ID: 8eb3fb9c0849249cbdb36c9d4c1094fc1aa3ad338e44ed773e4d2e2054907dc8
                • Opcode Fuzzy Hash: a9f6cf21efc5f12de1f88029970f151b8de0c3f054e886725cb4e4ede05af621
                • Instruction Fuzzy Hash: CDE09272A05425ABD2225E18BC40F6AB39EDBE5A59F194039E605D7214E628DD02C7E0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                • Instruction ID: c0100df5df4eb6c47cb2b7f0e4c0aa184b7f091c1c618bfed04ba1c273639075
                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                • Instruction Fuzzy Hash: 26E0DF32A40118FBDB21AADD9E05FAABFADDB58A64F000195BA04D7150D5689E00C2D0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                • Instruction ID: 96a5950e005a2bdbc5f983a84e8fb1adece4a09fe9d040fa1734dfd5578af9cb
                • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                • Instruction Fuzzy Hash: 0EE09B31610287E7DF32AA58C541BB6B7A9AF9172CF098075E506AF691D660DC46C3D0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                • Instruction ID: fc80a371ecbc5100055f2fc081bb11d4638e414193c2aa4275ecde912a0069e3
                • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                • Instruction Fuzzy Hash: 7CF02B76204305DFDB06CF1AD050AA53BE9EB56764F01046DED568B361E731EC41CB44
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f64c8f383c118cf011026271c50cd0ab268eb2e2de256cf27d044f676074c7ac
                • Instruction ID: ca16dc39112661822f553f16adb50841322df28c97ff20a3005133b4da3c7f8e
                • Opcode Fuzzy Hash: f64c8f383c118cf011026271c50cd0ab268eb2e2de256cf27d044f676074c7ac
                • Instruction Fuzzy Hash: 61F0A0B2514384DEE733DB2ED144B627BD89B44374F088477D60597AB2C674D880C260
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                • Instruction ID: 83fc0cb5294063c437b2719c4f9a028eb9f18e202176c67cfb0f5497e3c6661e
                • Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                • Instruction Fuzzy Hash: C5E04F72100349AFFF11DB49E544F253FB9BB54728F04C119A6198B561C774D984CB45
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4428fb0d4978fb97143e39d1419684a212e30d59945572cb1b0c1ce781f79812
                • Instruction ID: 59ebdf1eb6ac0caa7f1fb28501006c5f22fa95f58be7e7ba8f064c2e9971a92d
                • Opcode Fuzzy Hash: 4428fb0d4978fb97143e39d1419684a212e30d59945572cb1b0c1ce781f79812
                • Instruction Fuzzy Hash: 16E0203355424A57D7229618C58271537FCF751F5CF10CC2DE485CF442D264ED89C784
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c066f65f96b729fa6ae4f357d46dfbfca9b1b878a03b6938477c94e53c09d744
                • Instruction ID: deb395baaa40c3a4ed72f16c2bbbdcbeca1b0ac35bf7102bdbafe78b39e9934f
                • Opcode Fuzzy Hash: c066f65f96b729fa6ae4f357d46dfbfca9b1b878a03b6938477c94e53c09d744
                • Instruction Fuzzy Hash: 2CE0DFB12053049FD739DB5AE0C0F2D3BACDB5262DF59801EE0084B502C621D888C286
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67a8397325790fb0194adc8625b4d4d3ec2a4a062e59ea17abf1b18c7d1dce47
                • Instruction ID: 4c103e123a573d637a93bd2113b48cfb92439827d1a7902b4ffc17eb0f24ae8d
                • Opcode Fuzzy Hash: 67a8397325790fb0194adc8625b4d4d3ec2a4a062e59ea17abf1b18c7d1dce47
                • Instruction Fuzzy Hash: 3BF0FB78861712CECBB0FBAA990470CBAB4F755BA4FD4412ED104872A8C73448A0CF11
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                • Instruction ID: 370242fd1caae7b6813ac4c29c58c6a1cbe0f6fde4a9db8e6be494439514f95f
                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                • Instruction Fuzzy Hash: C8E0C231284245FBEF225E88CC00FB97B16DF60BA4F104032FE085EBA1C6719C92D6C4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                • Instruction ID: 96b96985d689860dd9fd70f87c33a2165034de89e7dc56a7b4f6917dc19b131c
                • Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                • Instruction Fuzzy Hash: 13E08C32040A50FFDF322A28EC04F9276AABB50718F100539F181059E49AB09C81CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 384c786df669ad0e7bfee6056ed47ee55726fa867880bab85008f5a5f3742dac
                • Instruction ID: 7f6ab942e210ea4bf6cbbc06a15546d44c61b0668d96e9cfb096949978496421
                • Opcode Fuzzy Hash: 384c786df669ad0e7bfee6056ed47ee55726fa867880bab85008f5a5f3742dac
                • Instruction Fuzzy Hash: 6ED0C7A12310041AC72D33149894B2A3222F7C0E68F26080EF2070B9B0FA708CD08249
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                • Instruction ID: 1a11356ddbf8c4bab310a83f1df2c01434386fce75e27900f68b942c0f38a7d4
                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                • Instruction Fuzzy Hash: 61E08C31A046849BCF12DB4CC690F9EBBF5FB85B00F140015A1085F770C634AC00CB00
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                • Instruction ID: 6be8139ee1b3c40c13b25341ae58187a51ad354e34c0470d4e664a07bc4082ad
                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                • Instruction Fuzzy Hash: 8AD0E935352A80CFE617CF5DC568B1577A4FB44B44FC504A4E505CB762E62CDD44CA10
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                • Instruction ID: 5d0b069b64baceeb7709bc51451be2f9c445378b39e4f02390e06006a47edd2c
                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                • Instruction Fuzzy Hash: BBD02231402185DEEB02EB18C22876C3BB2FF20A0CF98A06DC00206952CB3A4E0ED700
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                • Instruction ID: 1419cbd4f584336f2157256ca9afc322984bfbb317e44021abc417ec23c59a5a
                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                • Instruction Fuzzy Hash: D6C08C30290A01AAEB221F24CD02B403AA0BB10B09F4400A06301DA4F0EB7CD801E600
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                • Instruction ID: c7a651a19aa8cda97766b4d301ea431a0119a71469b16e0f563e38aa5178b179
                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                • Instruction Fuzzy Hash: D6C01232180248BBCB126E85CC01F46BB2AEBA4B60F008010BA080A9608632E970EA84
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                • Instruction ID: 7d3a01d64a2b763cfe1021cfa837a534d39336dc67cadaa7b348a9a7242b1db8
                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                • Instruction Fuzzy Hash: DBC08C32080248BBC7126E45DC00F017B29E7A0B60F000020B7040A9618536EC60D58C
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                • Instruction ID: bfb1d7135f69037fc567a6cdb4797184dd1017fba4e14f7a7da3c43532a1743f
                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                • Instruction Fuzzy Hash: D0C08C32080288BBC7126A49CD41F117B29E7A0B60F000020B6040AAA18932E861D588
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                • Instruction ID: 118f0a1accf9bc455fe1bb519aaeec25e2196fb02c949c48e874a7aa69f41288
                • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                • Instruction Fuzzy Hash: 5BC04C357115418FCF16CB2EC2C4F5637E4F784784F1608A0E905CBB71E634E850CA10
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                • Instruction ID: 347d637a9891cfe443f96fff4843c4d51a2722b6047f7b7af05d342424f81473
                • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                • Instruction Fuzzy Hash: 3EC09B1F1566C54EDD279F3443127D5BF60D7429D0F1D14C2D4D12F623C1244513D625
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                • Instruction ID: 63884dbc238ecd5c3d33e561acaa0dc148295b7db9604ad32a00dbf6206e51ab
                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                • Instruction Fuzzy Hash: 26B092353019408FCF16DF18C080B5533E4FB84A84B8400D8E400CBA21E229E8008900
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                • Instruction ID: 0c1ee06cf1ca25a396c014618e2609ca3e57ed0e0f3aa5f1f7a1fde5406c7bb4
                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                • Instruction Fuzzy Hash: 22B01232C11441CFCF02EF44C620B197331FB00750F0544A0900127A30C228AC01DB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 461a4592f909a1cda4ee7da7fef4c858d1de769fe95aa7533205a82dc2a6a531
                • Instruction ID: 4b772ab6d8b5a3f5d7ef0897819c551689523ff7e3015a7b39d1530bb95cd94b
                • Opcode Fuzzy Hash: 461a4592f909a1cda4ee7da7fef4c858d1de769fe95aa7533205a82dc2a6a531
                • Instruction Fuzzy Hash: FB9002B520111402D540719944087560045A7D0385F51C021A9054558EC6998DE976A5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2da745b227ec75705e175b2d8346b54110672764f4c885cbb17efb8321bf92d1
                • Instruction ID: 22df15bcb3b033422eae32c5913096ec78320d8d33bf7f3815cd21b047f89f37
                • Opcode Fuzzy Hash: 2da745b227ec75705e175b2d8346b54110672764f4c885cbb17efb8321bf92d1
                • Instruction Fuzzy Hash: 549002A520151403D540659948086170045A7D0386F51C021A6054559ECA698C657175
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b028fea2fc2512df02d519b234a0f115c08637898912a917ea8a8478708062c
                • Instruction ID: a8f133c23790eb3bdbbd30216eab3d0cb634fdb710218b7a6350e899f0f9a09f
                • Opcode Fuzzy Hash: 6b028fea2fc2512df02d519b234a0f115c08637898912a917ea8a8478708062c
                • Instruction Fuzzy Hash: A19002A534111442D50061994418B160045E7E1385F51C025E5054558DC659CC667166
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ee0fe9fd814572da9af165e314c12b1dd118a2229c45ed7fe790b15df4e8b70
                • Instruction ID: 5b6ae5d276c6250b6d7802c7d77f6d92da7525bba2dda5e2fe20f9fcd534e878
                • Opcode Fuzzy Hash: 4ee0fe9fd814572da9af165e314c12b1dd118a2229c45ed7fe790b15df4e8b70
                • Instruction Fuzzy Hash: 969002A521111042D504619944087160085A7E1285F51C022A6144558CC5698C756165
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a409e7a8ca1f107a939e0861b03be37af4484dbc99908352b7e328bed2220c87
                • Instruction ID: 37f25cf9877ea95fcda506b7edc9c29b431fdd68cc7ee689fe4c14fa15aaa323
                • Opcode Fuzzy Hash: a409e7a8ca1f107a939e0861b03be37af4484dbc99908352b7e328bed2220c87
                • Instruction Fuzzy Hash: 9590027524111402D541719944086160049B7D02C5F91C022A4414558EC6958A6ABAA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6aaeecef0b758dd73498923c939d4be14722610d85a808206ad9737ffe287a10
                • Instruction ID: a122ed19e2f8c76e6c0eb4155fef516c40e8a80cd3579ec088d5a995fc2ec15a
                • Opcode Fuzzy Hash: 6aaeecef0b758dd73498923c939d4be14722610d85a808206ad9737ffe287a10
                • Instruction Fuzzy Hash: 169002A5601250438940B19948084165055B7E1385391C131A4444564CC6A88869A2A5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6944a38e59b9ca9bb5efb4f7d811918c5120d2ac019e064525b10e214d05faa4

                C-Code - Quality: 63%
                			E013940FD(void* __ecx) {
                				signed int _v8;
                				char _v548;
                				unsigned int _v552;
                				unsigned int _v556;
                				unsigned int _v560;
                				char _v564;
                				char _v568;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				unsigned int _t49;
                				signed char _t53;
                				unsigned int _t55;
                				unsigned int _t56;
                				unsigned int _t65;
                				unsigned int _t66;
                				void* _t68;
                				unsigned int _t73;
                				unsigned int _t77;
                				unsigned int _t85;
                				char* _t98;
                				unsigned int _t102;
                				signed int _t103;
                				void* _t105;
                				signed int _t107;
                				void* _t108;
                				void* _t110;
                				void* _t111;
                				void* _t112;
                
                				_t45 =  *0x148d360 ^ _t107;
                				_v8 =  *0x148d360 ^ _t107;
                				_t105 = __ecx;
                				if( *0x14884d4 == 0) {
                					L5:
                					return E013DB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                				}
                				_t85 = 0;
                				E013AE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                					_t45 = 0;
                				} else {
                					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                				}
                				if(_t45 == 0) {
                					_v552 = _t85;
                					_t49 = E013942EB(_t105);
                					__eflags = _t49;
                					if(_t49 != 0) {
                						L15:
                						_t103 = 2;
                						_v552 = _t103;
                						L10:
                						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                							_t45 = 1;
                						} else {
                							_t53 = E013941EA(_v564);
                							asm("sbb al, al");
                							_t45 =  ~_t53 + 1;
                							__eflags = _t45;
                						}
                						__eflags = _t45;
                						if(_t45 == 0) {
                							_t102 = _t103 | 0x00000040;
                							_v552 = _t102;
                						}
                						__eflags = _t102;
                						if(_t102 != 0) {
                							L33:
                							_push(4);
                							_push( &_v552);
                							_push(0x22);
                							_push(0xffffffff);
                							_t45 = E013D96C0();
                						}
                						goto L4;
                					}
                					_v556 = _t85;
                					_t102 =  &_v556;
                					_t55 = E0139429E(_t105 + 0x2c, _t102);
                					__eflags = _t55;
                					if(_t55 >= 0) {
                						__eflags = _v556 - _t85;
                						if(_v556 == _t85) {
                							goto L8;
                						}
                						_t85 = _t105 + 0x24;
                						E01425720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                						_v560 = 0x214;
                						E013DFA60( &_v548, 0, 0x214);
                						_t106 =  *0x14884d4;
                						_t110 = _t108 + 0x20;
                						 *0x148b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                						_t65 =  *((intOrPtr*)( *0x14884d4))();
                						__eflags = _t65;
                						if(_t65 == 0) {
                							goto L8;
                						}
                						_t66 = _v560;
                						__eflags = _t66;
                						if(_t66 == 0) {
                							goto L8;
                						}
                						__eflags = _t66 - 0x214;
                						if(_t66 >= 0x214) {
                							goto L8;
                						}
                						_t68 = (_t66 >> 1) * 2 - 2;
                						__eflags = _t68 - 0x214;
                						if(_t68 >= 0x214) {
                							E013DB75A();
                							goto L33;
                						}
                						_push(_t85);
                						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                						E01425720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                						_t111 = _t110 + 0x14;
                						_t73 = E013E1480( &_v548, L"Execute=1");
                						_push(_t85);
                						__eflags = _t73;
                						if(_t73 == 0) {
                							E01425720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                							_t106 =  &_v548;
                							_t98 =  &_v548;
                							_t112 = _t111 + 0x14;
                							_t77 = _v560 + _t98;
                							_v556 = _t77;
                							__eflags = _t98 - _t77;
                							if(_t98 >= _t77) {
                								goto L8;
                							} else {
                								goto L27;
                							}
                							do {
                								L27:
                								_t85 = E013E1150(_t106, 0x20);
                								__eflags = _t85;
                								if(__eflags != 0) {
                									__eflags = 0;
                									 *_t85 = 0;
                								}
                								E01425720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                								_t112 = _t112 + 0x10;
                								E01413E13(_t105, _t106, __eflags);
                								__eflags = _t85;
                								if(_t85 == 0) {
                									goto L8;
                								}
                								_t41 = _t85 + 2; // 0x2
                								_t106 = _t41;
                								__eflags = _t106 - _v556;
                							} while (_t106 < _v556);
                							goto L8;
                						}
                						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                						_push(3);
                						_push(0x55);
                						E01425720();
                						goto L15;
                					}
                					L8:
                					_t56 = E013941F7(_t105);
                					__eflags = _t56;
                					if(_t56 != 0) {
                						goto L15;
                					}
                					_t103 = _v552;
                					goto L10;
                				} else {
                					L4:
                					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                					goto L5;
                				}
                			}

                Strings
                • ExecuteOptions, xrefs: 013F050A
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013F0566
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 013F04BF
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 013F05F1
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 013F058F
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 013F05AC
                • Execute=1, xrefs: 013F057D
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 52055c30be5639cf610d82dd0c8b90bccb85ac22b762cd7e199588355c94380d
                • Instruction ID: 18c7ab42e065c878a3c1171439624ac06a3b5026be554d0f337a261f59f64368
                • Opcode Fuzzy Hash: 52055c30be5639cf610d82dd0c8b90bccb85ac22b762cd7e199588355c94380d
                • Instruction Fuzzy Hash: 1A614B7170021ABAEF209A59ED85FE977ADEF2471CF04009DE605A7291DB70DE42CB60
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0142FDFA
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0142FE2B
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0142FE01
                Memory Dump Source
                • Source File: 00000002.00000002.224505859.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: true
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                • API String ID: 885266447-3903918235
                • Opcode ID: f8513e4fa7407004b2aeeb30c2f86d8b12d76704bd3d95e538dad52d3a29ba48
                • Instruction ID: 6850e48fa5479bb9ab6f581ee397a97761d881f5a6bc33b9a15290538dbe7fef
                • Opcode Fuzzy Hash: f8513e4fa7407004b2aeeb30c2f86d8b12d76704bd3d95e538dad52d3a29ba48
                • Instruction Fuzzy Hash: 26F0C8721402117BD6211A46DC01E737B6ADB54B30F540219F618561E1D962A860D6A0
                Uniqueness

                Uniqueness Score: -1.00%