Analysis Report SecuriteInfo.com.Trojan.Packed2.42850.4964.3326

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.Packed2.42850.4964.3326 (renamed file extension from 3326 to exe)
Analysis ID: 356696
MD5: 2201881c6cc2de12c71f906e43178ef9
SHA1: 2b494db5e52b74df25ff068d0d2a3295aae4f658
SHA256: 945ebbaf8c08902ed75eb98f5cabd2dbd88708c1aac37a35762db091c1ce0476

Detection

FormBook
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.aone223.com/67d/"], "decoy": ["initiationportal.com", "priority1fleet.com", "xn--c1abvlc0ba.xn--p1acf", "foto-golyh-devushek.com", "losangeles-nightlife.com", "mynewbandname.com", "iaiibhzsbw.net", "allwest-originals.com", "peakofgoodlife.com", "traeespana.com", "prizotinstagram.online", "powerd.net", "rutharroyo.com", "spreadtheaimee.com", "tomleefamily.com", "workingcompass.net", "quallateematerial.com", "davizion.com", "ashleeramdanfit.com", "gamers-evolution.com", "bohrabiz.com", "twigandbloomfloral.com", "nhdpartners.com", "wakedcma.com", "algulotomotiv.com", "kocaelikiralikvinc.com", "listenupfoundation.net", "studiozetamilano.com", "luckybluebird.net", "xigo100.com", "hattonpalacejewellery.com", "bolsasmariabonita.com", "didierjammet.com", "wndslve.com", "wiprideinc.com", "aktiv.plus", "americanseniorcarecorp.com", "calmbears.com", "gearsevenfitness.com", "naigves.com", "stremate.webcam", "awakenedbyowls.com", "pelican-foot.com", "t-c-o-t-c.com", "disinfectingcinci.com", "buyrealestatewithchris.com", "g-grid.net", "dodadungthongminh.asia", "prospect300.com", "rjutilities.com", "mylegalmavens.com", "talalmando.com", "localheroes.space", "writinglover.site", "brink100.com", "bim3dstudio.com", "absak-lab1.net", "torontodo.com", "repwebtools.com", "films4christians.com", "raptorroofingcompany.com", "lrrestoration.com", "zhongqinglvyou.com", "jangabeach.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for domain / URL
          Source: www.aone223.com/67d/, Virustotal: Detection: 6%
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, Virustotal: Detection: 19%
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, ReversingLabs: Detection: 25%
          Yara detected FormBook
          Source: Yara match, File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

          Compliance:

          Uses 32bit PE files
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Contains modern PE file flags such as dynamic base (ASLR) or NX
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Binary contains paths to debug symbols
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, Code function: 4x nop then pop esi, 5_2_004172D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, Code function: 4x nop then pop edi, 5_2_00416C8C

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.aone223.com/67d/
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EEBB05_2_011EEBB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A5_2_0125EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012623E35_2_012623E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EABD85_2_011EABD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01208BE85_2_01208BE8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127DBD25_2_0127DBD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012703DA5_2_012703DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126FA2B5_2_0126FA2B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB2365_2_011DB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F5_2_01275A4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012832A95_2_012832A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012822AE5_2_012822AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF5_2_01274AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127E2C55_2_0127E2C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01282D075_2_01282D07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B0D205_2_011B0D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D2D505_2_011D2D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281D555_2_01281D55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E25815_2_011E2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D825_2_01272D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E65A05_2_011E65A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012825DD5_2_012825DD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E05_2_011CD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C841F5_2_011C841F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D24305_2_011D2430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127D4665_2_0127D466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127CC775_2_0127CC77
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB4775_2_011DB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012744965_2_01274496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4CD45_2_011E4CD4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012767E25_2_012767E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281FF15_2_01281FF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0128DFCE5_2_0128DFCE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D56005_2_011D5600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D6E305_2_011D6E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127D6165_2_0127D616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0123AE605_2_0123AE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01261EB65_2_01261EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: String function: 011BB150 appears 174 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: String function: 01245720 appears 85 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: String function: 0120D08C appears 47 times
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695000293.0000000000B32000.00000002.00020000.sdmp Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.702089593.0000000008DC0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.698216795.000000000143F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.696595806.00000000006E2000.00000002.00020000.sdmp Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine Classification label: mal92.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.log
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Virustotal: Detection: 19%
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe ReversingLabs: Detection: 25%
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe'
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_004168C9 push edi; ret 5_2_00416941
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_00416927 push edi; ret 5_2_00416941
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_00413A69 push ecx; ret 5_2_00413A6D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_0041CEF2 push eax; ret 5_2_0041CEF8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_0041CEFB push eax; ret 5_2_0041CF62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_0041CEA5 push eax; ret 5_2_0041CEF8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_0041CF5C push eax; ret 5_2_0041CF62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_00416786 push ecx; retf 5_2_00416798
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_0120D0D1 push ecx; ret 5_2_0120D0E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_00409A80 rdtsc 5_2_00409A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe TID: 7004 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Code function: 5_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk, 5_2_011F9860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]5_2_011C99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]5_2_011C99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CC1C0 mov eax, dword ptr fs:[00000030h]5_2_011CC1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DD1EF mov eax, dword ptr fs:[00000030h]5_2_011DD1EF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]5_2_011BB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]5_2_011BB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]5_2_011BB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B31E0 mov eax, dword ptr fs:[00000030h]5_2_011B31E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]5_2_012731DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]5_2_011B6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]5_2_011B6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]5_2_011B6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]5_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]5_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]5_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]5_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]5_2_011E002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]5_2_011E002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]5_2_011E002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]5_2_011E002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]5_2_011E002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]5_2_01237016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]5_2_01237016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]5_2_01237016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]5_2_011CB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]5_2_011CB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]5_2_011CB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]5_2_011CB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]5_2_01284015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]5_2_01284015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4020 mov edi, dword ptr fs:[00000030h]5_2_011E4020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]5_2_011B5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]5_2_011B5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]5_2_011B5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B7057 mov eax, dword ptr fs:[00000030h]5_2_011B7057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]5_2_011D0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]5_2_011D0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272073 mov eax, dword ptr fs:[00000030h]5_2_01272073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281074 mov eax, dword ptr fs:[00000030h]5_2_01281074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271843 mov eax, dword ptr fs:[00000030h]5_2_01271843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DF86D mov eax, dword ptr fs:[00000030h]5_2_011DF86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9080 mov eax, dword ptr fs:[00000030h]5_2_011B9080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]5_2_011B3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]5_2_011B3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov ecx, dword ptr fs:[00000030h]5_2_011EF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]5_2_011EF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]5_2_011EF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]5_2_01233884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]5_2_01233884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F90AF mov eax, dword ptr fs:[00000030h]5_2_011F90AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov ecx, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]5_2_011C28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]5_2_011E78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]5_2_011B78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]5_2_011B78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov ecx, dword ptr fs:[00000030h]5_2_011B78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]5_2_012760F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]5_2_012760F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]5_2_012760F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]5_2_012760F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]5_2_011B70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]5_2_011B70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]5_2_0127B0C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]5_2_0127B0C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]5_2_011C28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]5_2_011C28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]5_2_011C28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012718CA mov eax, dword ptr fs:[00000030h]5_2_012718CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov ecx, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]5_2_0124B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B58EC mov eax, dword ptr fs:[00000030h]5_2_011B58EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]5_2_011DB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]5_2_011DB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]5_2_011B40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]5_2_011B40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]5_2_011B40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127131B mov eax, dword ptr fs:[00000030h]5_2_0127131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]5_2_01246365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]5_2_01246365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]5_2_01246365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BF358 mov eax, dword ptr fs:[00000030h]5_2_011BF358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]5_2_011E3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]5_2_011E3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]5_2_011E3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]5_2_011E3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BDB40 mov eax, dword ptr fs:[00000030h]5_2_011BDB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]5_2_011E3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]5_2_011E3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B7B70 mov eax, dword ptr fs:[00000030h]5_2_011B7B70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]5_2_011CF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]5_2_011CF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]5_2_011CF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288B58 mov eax, dword ptr fs:[00000030h]5_2_01288B58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BDB60 mov ecx, dword ptr fs:[00000030h]5_2_011BDB60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]5_2_011DEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]5_2_011DEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2397 mov eax, dword ptr fs:[00000030h]5_2_011E2397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01285BA5 mov eax, dword ptr fs:[00000030h]5_2_01285BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EB390 mov eax, dword ptr fs:[00000030h]5_2_011EB390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271BA8 mov eax, dword ptr fs:[00000030h]5_2_01271BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B4B94 mov edi, dword ptr fs:[00000030h]5_2_011B4B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]5_2_011C1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]5_2_011C1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]5_2_011E138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]5_2_011E138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]5_2_011E138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov ecx, dword ptr fs:[00000030h]5_2_01243DE3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov eax, dword ptr fs:[00000030h]5_2_01243DE3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov eax, dword ptr fs:[00000030h]5_2_01243DE3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01268DF1 mov eax, dword ptr fs:[00000030h]5_2_01268DF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B15C1 mov eax, dword ptr fs:[00000030h]5_2_011B15C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov ecx, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]5_2_01236DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B95F0 mov eax, dword ptr fs:[00000030h]5_2_011B95F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B95F0 mov ecx, dword ptr fs:[00000030h]5_2_011B95F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E95EC mov eax, dword ptr fs:[00000030h]5_2_011E95EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126FDD3 mov eax, dword ptr fs:[00000030h]5_2_0126FDD3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E0 mov eax, dword ptr fs:[00000030h]5_2_011CD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E0 mov eax, dword ptr fs:[00000030h]5_2_011CD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8410 mov eax, dword ptr fs:[00000030h]5_2_011B8410
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]5_2_011E3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]5_2_011E3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]5_2_011E3C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]5_2_01271C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match, File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 111 | Masquerading 1 | Input Capture 1 | Security Software Discovery 12 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 111 | NTDS | System Information Discovery 112 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | 20% | Virustotal |
          SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | 25% | ReversingLabs | ByteCode-MSIL.Trojan.Pwsx

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
          http://www.esvstudybible.org/search?q= | 0% | Avira URL Cloud | safe
          http://www.tiro.com | 0% | URL Reputation | safe
          http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b= | 0% | Avira URL Cloud | safe
          http://www.goodfont.co.kr | 0% | URL Reputation | safe
          http://topicalmemorysystem.googlecode.com/files/ | 0% | Avira URL Cloud | safe
          www.aone223.com/67d/ | 6% | Virustotal |
          www.aone223.com/67d/ | 0% | Avira URL Cloud | safe
          http://www.carterandcone.coml | 0% | URL Reputation | safe
          http://www.sajatypeworks.com | 0% | URL Reputation | safe
          http://www.typography.netD | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
          http://fontfabrik.com | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn | 0% | URL Reputation | safe
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
          http://www.sandoll.co.kr | 0% | URL Reputation | safe
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
          http://www.sakkal.com | 0% | URL Reputation | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.aone223.com/67d/ | true | 6%, Virustotal; Avira URL Cloud: safe | low

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.apache.org/licenses/LICENSE-2.0 | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.fontbureau.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.fontbureau.com/designersG | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.fontbureau.com/designers/? | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.founder.com.cn/cn/bThe | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.fontbureau.com/designers? | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.biblegateway.com/passage/?search= | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | | high
          http://www.esvstudybible.org/search?q= | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | Avira URL Cloud: safe | unknown
          http://www.tiro.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b= | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | Avira URL Cloud: safe | unknown
          http://www.fontbureau.com/designers | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.goodfont.co.kr | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://topicalmemorysystem.googlecode.com/files/ | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | Avira URL Cloud: safe | unknown
          http://www.biblija.net/biblija.cgi?m= | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | | high
          http://www.carterandcone.coml | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.sajatypeworks.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.typography.netD | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.fontbureau.com/designers/cabarga.htmlN | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.founder.com.cn/cn/cThe | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.galapagosdesign.com/staff/dennis.htm | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://fontfabrik.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.founder.com.cn/cn | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.fontbureau.com/designers/frere-user.html | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.blueletterbible.org/Bible.cfm?b= | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe | false | | high
          http://www.jiyu-kobo.co.jp/ | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.galapagosdesign.com/DPlease | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.fontbureau.com/designers8 | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.fonts.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | | high
          http://www.sandoll.co.kr | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.urwpp.deDPlease | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.zhongyicts.com.cn | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.sakkal.com | SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                                    Contacted IPs

                                    No contacted IP infos

                                    General Information

                                    Joe Sandbox Version: 31.0.0 Emerald
                                    Analysis ID: 356696
                                    Start date: 23.02.2021
                                    Start time: 15:07:12
                                    Joe Sandbox Product: CloudBasic
                                    Overall analysis duration: 0h 8m 15s
                                    Hypervisor based Inspection enabled: false
                                    Report type: full
                                    Sample file name: SecuriteInfo.com.Trojan.Packed2.42850.4964.3326 (renamed file extension from 3326 to exe)
                                    Cookbook file name: default.jbs
                                    Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed: 17
                                    Number of new started drivers analysed: 0
                                    Number of existing processes analysed: 0
                                    Number of existing drivers analysed: 0
                                    Number of injected processes analysed: 0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode: default
                                    Analysis stop reason: Timeout
                                    Detection: MAL
                                    Classification: mal92.troj.evad.winEXE@3/1@0/0
                                    EGA Information: Failed
                                    HDC Information:
                                    • Successful, ratio: 1.1% (good quality ratio 1%)
                                    • Quality average: 71.2%
                                    • Quality standard deviation: 30.8%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 33
                                    • Number of non-executed functions: 229
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Stop behavior analysis, all processes terminated
                                    Warnings:
                                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    Time | Type | Description
                                    15:08:08 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASN

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.log
                                    Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    File Type: ASCII text, with CRLF line terminators
                                    Category: dropped
                                    Size (bytes): 1216
                                    Entropy (8bit): 5.355304211458859
                                    Encrypted: false
                                    SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                    MD5: FED34146BF2F2FA59DCF8702FCC8232E
                                    SHA1: B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                    SHA-256: 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                    SHA-512: 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                    Malicious: true
                                    Reputation: high, very likely benign file
                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                    Static File Info

                                    General

                                    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit): 6.788526402195906
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    File size: 687616
                                    MD5: 2201881c6cc2de12c71f906e43178ef9
                                    SHA1: 2b494db5e52b74df25ff068d0d2a3295aae4f658
                                    SHA256: 945ebbaf8c08902ed75eb98f5cabd2dbd88708c1aac37a35762db091c1ce0476
                                    SHA512: 4ddf35b3d8c49c9334fe4e32e0db68b2780ad8528dc31595ae7d63906625faa045aaed0ef84a4264a29c3b8db8c35054478898df914c3df0512618edea59f167
                                    SSDEEP: 6144:wxwz1c/m/gGqitttttwgGTyWI+G4bNSrAxx3qK6L+/rKniN0s2sdUgBODIpFds5O:9dSTES5//6L/iYsGgBODIpFds5erS8
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....4`..............0..t............... ........@.. ....................................@................................

                                    File Icon

                                    Icon Hash:00828e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint: 0x4a93da
                                    Entrypoint Section: .text
                                    Digitally signed: false
                                    Imagebase: 0x400000
                                    Subsystem: windows gui
                                    Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp: 0x6034A3B9 [Tue Feb 23 06:42:01 2021 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version: v4.0.30319
                                    OS Version Major: 4
                                    OS Version Minor: 0
                                    File Version Major: 4
                                    File Version Minor: 0
                                    Subsystem Version Major: 4
                                    Subsystem Version Minor: 0
                                    Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al

                                    Data Directories

                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa9388 | 0x4f | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x5bc | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                    Sections

                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0xa73e0 | 0xa7400 | False | 0.628440594638 | data | 6.79752323577 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0xaa000 | 0x5bc | 0x600 | False | 0.43359375 | data | 4.23844738633 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0xac000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    Name | RVA | Size | Type | Language | Country
                                    RT_VERSION | 0xaa090 | 0x32c | data | |
                                    RT_MANIFEST | 0xaa3cc | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                    Imports

                                    DLL | Import
                                    mscoree.dll | _CorExeMain

                                    Version Infos

                                    Description | Data
                                    Translation | 0x0000 0x04b0
                                    LegalCopyright | Copyright 2016
                                    Assembly Version | 1.0.0.0
                                    InternalName | J.exe
                                    FileVersion | 1.0.0.0
                                    CompanyName |
                                    LegalTrademarks |
                                    Comments |
                                    ProductName | Core.Numero
                                    ProductVersion | 1.0.0.0
                                    FileDescription | Core.Numero
                                    OriginalFilename | J.exe

                                    Network Behavior

                                    No network behavior found

                                    System Behavior

                                    General

                                    Start time:15:07:59
                                    Start date:23/02/2021
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe'
                                    Imagebase:0xb30000
                                    File size:687616 bytes
                                    MD5 hash:2201881C6CC2DE12C71F906E43178EF9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    General

                                    Start time:15:08:21
                                    Start date:23/02/2021
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    Wow64 process (32bit):true
                                    Commandline:{path}
                                    Imagebase:0x6e0000
                                    File size:687616 bytes
                                    MD5 hash:2201881C6CC2DE12C71F906E43178EF9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Disassembly

                                    Code Analysis

                                      Executed Functions

                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0157A736
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01575421
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01575421
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0157C9D6,?,?,?,?,?), ref: 0157CA97
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0157C9D6,?,?,?,?,?), ref: 0157CA97
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0157A7B1,00000800,00000000,00000000), ref: 0157A9C2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0157A7B1,00000800,00000000,00000000), ref: 0157A9C2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0157A736
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.695706676.0000000001570000.00000040.00000001.sdmp, Offset: 01570000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Executed Functions

                                      APIs
                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: 2MA$2MA
                                      • API String ID: 2738559852-947276439
                                      • Opcode ID: 3634b11253fdd14103bfded4acbcb9f9c892439e8bdadd08714f6b90953b3e21
                                      • Instruction ID: 8c32b6a773e974be2d83541910c2928bb5b234720ce11cefcaacbc6fab0912a0
                                      • Opcode Fuzzy Hash: 3634b11253fdd14103bfded4acbcb9f9c892439e8bdadd08714f6b90953b3e21
                                      • Instruction Fuzzy Hash: 3A0125B2200104ABCB04DF99CC91DEB7BACEF8C314F05864AFA1C97241C630E9518BE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: 2MA$2MA
                                      • API String ID: 2738559852-947276439
                                      • Opcode ID: 5849f9594f08781742c1fec161881e491efc356eebc2daf21fed98e4ca02dbbc
                                      • Instruction ID: d4a04e8435a43ddd63bc6636f4d98e4173158a91039720b869e3cd3d9b714d93
                                      • Opcode Fuzzy Hash: 5849f9594f08781742c1fec161881e491efc356eebc2daf21fed98e4ca02dbbc
                                      • Instruction Fuzzy Hash: F1F0F9B6210108AFCB04DF89CC85EEB77A9AF8C754F018649BA1D97241C630E851CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: 2MA$2MA
                                      • API String ID: 2738559852-947276439
                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: wKA
                                      • API String ID: 823142352-3165208591
                                      • Opcode ID: c8499552cd11c8d086122647465828dc19da199b1d0c05bc3df0e0b2eada94b6
                                      • Instruction ID: 2c03fdad8d86b097c59aec2737737e4a79cf0f239827d133bed74f1669c60401
                                      • Opcode Fuzzy Hash: c8499552cd11c8d086122647465828dc19da199b1d0c05bc3df0e0b2eada94b6
                                      • Instruction Fuzzy Hash: 541106B2204209AFCB08DF98DC91DEB77A9AF8C314F15864DFA5D97241D634EC61CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: wKA
                                      • API String ID: 823142352-3165208591
                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: 7d1ac7ea5e1ee10440e3f2fdeeedba387a41ccbbb03119f7c6c80820ded3b614
                                      • Instruction ID: 0ae78175b163730f311e04e7a6e94c5ebf89977c260b93ff93ffa72c953703be
                                      • Opcode Fuzzy Hash: 7d1ac7ea5e1ee10440e3f2fdeeedba387a41ccbbb03119f7c6c80820ded3b614
                                      • Instruction Fuzzy Hash: 7AF0E2B1250144AFCB10DF98DC85EE77BACEF88310F10865EF91C97202C234D851CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: d636d7988fb78b452f88fa13df8414a364d620349843997e0bf683fa4c588a9f
                                      • Instruction ID: d48fb427290e1a701454df81f7dd9493c5d3305e5fadaa35b0621f65a10253ba
                                      • Opcode Fuzzy Hash: d636d7988fb78b452f88fa13df8414a364d620349843997e0bf683fa4c588a9f
                                      • Instruction Fuzzy Hash: F1E0C275200200AFD710EFD4CC46EEB3B58EF44320F01449ABA1C5B242C530EA0087D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 31387e1fcfc266f75158341ea4a81c6f3709accf374c5e1b702d6ecddffb90cd
                                      • Instruction ID: c75ba83d2bfa5614a6e586ede72f40e3278ef563a64a62588e7aafb1232d67cb
                                      • Opcode Fuzzy Hash: 31387e1fcfc266f75158341ea4a81c6f3709accf374c5e1b702d6ecddffb90cd
                                      • Instruction Fuzzy Hash: 7990027121200813D21261E945047070009A7D0281F91C512A041455CED6D68952B261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: c18a7be9b128e55f7c221fb929de17ddb3984c7b9b0ec6fc6936c812e0c45dd9
                                      • Instruction ID: 6509aaae53daf29c159e9f0b9ba4833ba2095dacd6d8cf748883c068fce9e5ef
                                      • Opcode Fuzzy Hash: c18a7be9b128e55f7c221fb929de17ddb3984c7b9b0ec6fc6936c812e0c45dd9
                                      • Instruction Fuzzy Hash: 1C90027121200C02D28171E9440464A0005A7D1341F91C115A0015658ECA958A5977E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 32c38ba36c8f6fe9f2865a778b44faa9a8b51e8c9929201bc56e188a697ff877
                                      • Instruction ID: 4af5af87ddd07d12d30caba2d73573e4dfd4bd860b0a3ccb4e95fffd432da567
                                      • Opcode Fuzzy Hash: 32c38ba36c8f6fe9f2865a778b44faa9a8b51e8c9929201bc56e188a697ff877
                                      • Instruction Fuzzy Hash: F890027121208C02D21161E9840474A0005A7D0341F55C511A441465CEC6D588917261
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID: oLA
                                      • API String ID: 1279760036-3789366272
                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: 2580f4634c812a01195ebb34490252aa4d74d11cb1de9f733482d936408262b6
                                      • Instruction ID: f27403a53ab5f41e5d96b91d5a71e0c9ad3c53aeef834d0011b3e803d21ca57a
                                      • Opcode Fuzzy Hash: 2580f4634c812a01195ebb34490252aa4d74d11cb1de9f733482d936408262b6
                                      • Instruction Fuzzy Hash: 8F019EB5640214BFD724DF68DC46EE77BACEF88350F01456AB91DAB242C631E910CAE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: f41bfb187bfef27cc29d7af5ac7e4685e97214fea0a091e913bc756e96229912
                                      • Instruction ID: 770a2c9fa82dfa6532b6f004ef00ef20b8c7f378561e744f0aa54d07ca1045a9
                                      • Opcode Fuzzy Hash: f41bfb187bfef27cc29d7af5ac7e4685e97214fea0a091e913bc756e96229912
                                      • Instruction Fuzzy Hash: 88B09BB19024C9C5D716E7F546087177A007BD0755F16C155E2020645B8778C091F6B5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Strings
                                      • *** enter .exr %p for the exception record, xrefs: 0126B4F1
                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0126B314
                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0126B484
                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0126B476
                                      • *** Inpage error in %ws:%s, xrefs: 0126B418
                                      • Go determine why that thread has not released the critical section., xrefs: 0126B3C5
                                      • a NULL pointer, xrefs: 0126B4E0
                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0126B3D6
                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 0126B352
                                      • read from, xrefs: 0126B4AD, 0126B4B2
                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0126B39B
                                      • *** enter .cxr %p for the context, xrefs: 0126B50D
                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0126B53F
                                      • an invalid address, %p, xrefs: 0126B4CF
                                      • The instruction at %p referenced memory at %p., xrefs: 0126B432
                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0126B323
                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0126B305
                                      • The critical section is owned by thread %p., xrefs: 0126B3B9
                                      • The resource is owned shared by %d threads, xrefs: 0126B37E
                                      • The instruction at %p tried to %s , xrefs: 0126B4B6
                                      • <unknown>, xrefs: 0126B27E, 0126B2D1, 0126B350, 0126B399, 0126B417, 0126B48E
                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0126B47D
                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0126B2DC
                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0126B2F3
                                      • write to, xrefs: 0126B4A6
                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0126B38F
                                      • *** An Access Violation occurred in %ws:%s, xrefs: 0126B48F
                                      • The resource is owned exclusively by thread %p, xrefs: 0126B374
                                      • This failed because of error %Ix., xrefs: 0126B446
                                      • *** then kb to get the faulting stack, xrefs: 0126B51C
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • API String ID: 0-108210295
                                      • Opcode ID: 61f8708d8e72a1c06871ad2e397378741a0c07d34f947b4a49d226c26c1fa346
                                      • Instruction ID: 7bafa749d75839ec12d1e26e376cc42e751ba41c81839e851ceba99e4319d27f
                                      • Opcode Fuzzy Hash: 61f8708d8e72a1c06871ad2e397378741a0c07d34f947b4a49d226c26c1fa346
                                      • Instruction Fuzzy Hash: 14811339B60211BFDB2D9B4A9C46E7B3F29EF56651F800058F604AF192D3A18492C6B2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 44%
                                      			E01271C06() {
                                      				signed int _t27;
                                      				char* _t104;
                                      				char* _t105;
                                      				intOrPtr _t113;
                                      				intOrPtr _t115;
                                      				intOrPtr _t117;
                                      				intOrPtr _t119;
                                      				intOrPtr _t120;
                                      
                                      				_t105 = 0x11948a4;
                                      				_t104 = "HEAP: ";
                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      					_push(_t104);
                                      					E011BB150();
                                      				} else {
                                      					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      				}
                                      				_push( *0x12a589c);
                                      				E011BB150("Heap error detected at %p (heap handle %p)\n",  *0x12a58a0);
                                      				_t27 =  *0x12a5898; // 0x0
                                      				if(_t27 <= 0xf) {
                                      					switch( *((intOrPtr*)(_t27 * 4 +  &M01271E96))) {
                                      						case 0:
                                      							_t105 = "heap_failure_internal";
                                      							goto L21;
                                      						case 1:
                                      							goto L21;
                                      						case 2:
                                      							goto L21;
                                      						case 3:
                                      							goto L21;
                                      						case 4:
                                      							goto L21;
                                      						case 5:
                                      							goto L21;
                                      						case 6:
                                      							goto L21;
                                      						case 7:
                                      							goto L21;
                                      						case 8:
                                      							goto L21;
                                      						case 9:
                                      							goto L21;
                                      						case 0xa:
                                      							goto L21;
                                      						case 0xb:
                                      							goto L21;
                                      						case 0xc:
                                      							goto L21;
                                      						case 0xd:
                                      							goto L21;
                                      						case 0xe:
                                      							goto L21;
                                      						case 0xf:
                                      							goto L21;
                                      					}
                                      				}
                                      				L21:
                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      					_push(_t104);
                                      					E011BB150();
                                      				} else {
                                      					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      				}
                                      				_push(_t105);
                                      				E011BB150("Error code: %d - %s\n",  *0x12a5898);
                                      				_t113 =  *0x12a58a4; // 0x0
                                      				if(_t113 != 0) {
                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      						_push(_t104);
                                      						E011BB150();
                                      					} else {
                                      						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      					}
                                      					E011BB150("Parameter1: %p\n",  *0x12a58a4);
                                      				}
                                      				_t115 =  *0x12a58a8; // 0x0
                                      				if(_t115 != 0) {
                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      						_push(_t104);
                                      						E011BB150();
                                      					} else {
                                      						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      					}
                                      					E011BB150("Parameter2: %p\n",  *0x12a58a8);
                                      				}
                                      				_t117 =  *0x12a58ac; // 0x0
                                      				if(_t117 != 0) {
                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      						_push(_t104);
                                      						E011BB150();
                                      					} else {
                                      						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      					}
                                      					E011BB150("Parameter3: %p\n",  *0x12a58ac);
                                      				}
                                      				_t119 =  *0x12a58b0; // 0x0
                                      				if(_t119 != 0) {
                                      					L41:
                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      						_push(_t104);
                                      						E011BB150();
                                      					} else {
                                      						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      					}
                                      					_push( *0x12a58b4);
                                      					E011BB150("Last known valid blocks: before - %p, after - %p\n",  *0x12a58b0);
                                      				} else {
                                      					_t120 =  *0x12a58b4; // 0x0
                                      					if(_t120 != 0) {
                                      						goto L41;
                                      					}
                                      				}
                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                      					_push(_t104);
                                      					E011BB150();
                                      				} else {
                                      					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                      				}
                                      				return E011BB150("Stack trace available at %p\n", 0x12a58c0);
                                      			}












                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                      • API String ID: 0-2897834094
                                      • Opcode ID: 140ad40a95b3c2fd22cc2372ab541d217dd688dc6d79295cd7fd6ff4e89d671a
                                      • Instruction ID: b0b3a52a9ca07b1315b89cf58a836431163745f527e5220ec2723804573332c2
                                      • Opcode Fuzzy Hash: 140ad40a95b3c2fd22cc2372ab541d217dd688dc6d79295cd7fd6ff4e89d671a
                                      • Instruction Fuzzy Hash: 3B61073A536142DFC719AB8AF58AE2277A8EF04930B4D802EF50D6B701D7749C908F5E
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • @, xrefs: 0122ABA3
                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0122AC27
                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 0122AB0E
                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0122AA1A
                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 0122AAC8
                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 0122A8EC
                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0122AC2C
                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 0122ABF3
                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0122AC0A
                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 0122AAA0
                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 0122AA11
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                      • API String ID: 0-4009184096
                                      • Opcode ID: b16dfa29d4db6317b8fc1d2768f9de64f4ab17ae925372d0e68eb506a489c197
                                      • Instruction ID: 817da121820acd9ef90f754f7fd4e89fe048a91c10b2ee75c857724d850605eb
                                      • Opcode Fuzzy Hash: b16dfa29d4db6317b8fc1d2768f9de64f4ab17ae925372d0e68eb506a489c197
                                      • Instruction Fuzzy Hash: FC02A0B1D00629ABDB39DB54CD84BEEB7B8AF14704F4101EAE709A7641D7309E84CF99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                      • API String ID: 0-3591852110
                                      • Opcode ID: 40b7bb960809b55fac51a97d155d88c6493ff7f6ebb2e4934391ef0a227db062
                                      • Instruction ID: 33d9086ffcae21d5b80331a0013e80d38347fb9200d4143cea09387e492662b2
                                      • Opcode Fuzzy Hash: 40b7bb960809b55fac51a97d155d88c6493ff7f6ebb2e4934391ef0a227db062
                                      • Instruction Fuzzy Hash: 5612D2306246829FDB29EF29C485BBBBBF5FF08314F18845DE5868B641D774E881CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                      • API String ID: 0-2224505338
                                      • Opcode ID: 3af3ec0acb74e1d19e0955367232866129c41b25685cf31ff1c3d6274041e590
                                      • Instruction ID: 5b15458cff84e81b1578e2085a3808d98ded71fc538e3231f792f109b265096d
                                      • Opcode Fuzzy Hash: 3af3ec0acb74e1d19e0955367232866129c41b25685cf31ff1c3d6274041e590
                                      • Instruction Fuzzy Hash: DB514832270246DFD729DB99D899F6B77A8FB08A24F088029F5069B741C7B4DC40CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
                                      • API String ID: 0-2515562510
                                      • Opcode ID: 83cebb51865c021d04c7040c04a82362b2457c731a4685d197259bf124b1ba05
                                      • Instruction ID: 7b9794ab38f8f5acdb85b944fd705b0dd97d0f516ce6e336d6d9a454875a306a
                                      • Opcode Fuzzy Hash: 83cebb51865c021d04c7040c04a82362b2457c731a4685d197259bf124b1ba05
                                      • Instruction Fuzzy Hash: F0926A70E0462ADFEF29CF98C884BADBBF5BF44304F158259D959AB281E7349941CF81
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-523794902
                                      • Opcode ID: 275b1e1f86294d2f4501b715fc3cfc75a87f4c2f169b88ddeb6dc2c4959e700b
                                      • Instruction ID: a99b6df362928d0d58b515b16f4392b7029417d212a28992fc89250377b82f1a
                                      • Opcode Fuzzy Hash: 275b1e1f86294d2f4501b715fc3cfc75a87f4c2f169b88ddeb6dc2c4959e700b
                                      • Instruction Fuzzy Hash: 9C420031618782EFD719CF28D884B2ABBE5FF98208F08496DE586CB352D735D941CB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                      • API String ID: 0-1745908468
                                      • Opcode ID: b19452ad264df5f96266111e402595f97f5e8738260657290a2875c3979e99fd
                                      • Instruction ID: fe3cb9925f456f63ed80de7081e9137db2fdfc2b4fc85777410fae0131d1351d
                                      • Opcode Fuzzy Hash: b19452ad264df5f96266111e402595f97f5e8738260657290a2875c3979e99fd
                                      • Instruction Fuzzy Hash: 6E913331620642DFDB2ADFA8D494AAEBBF2FF49704F08801DE6455B691C7729842CB14
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • Kernel-MUI-Language-Disallowed, xrefs: 011C3E97
                                      • WindowsExcludedProcs, xrefs: 011C3D6F
                                      • Kernel-MUI-Number-Allowed, xrefs: 011C3D8C
                                      • Kernel-MUI-Language-Allowed, xrefs: 011C3DC0
                                      • Kernel-MUI-Language-SKU, xrefs: 011C3F70
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                      • API String ID: 0-258546922
                                      • Opcode ID: a96155a141ca97557d853e02e07b9857ea4ae83be3d14b965453ed9b8585e995
                                      • Instruction ID: 4812dae8c38ecd7d9f0d327d7f51b1edd12d4276adaa26f45cf197cca78ca8a0
                                      • Opcode Fuzzy Hash: a96155a141ca97557d853e02e07b9857ea4ae83be3d14b965453ed9b8585e995
                                      • Instruction Fuzzy Hash: A6F19172D1461AEFCB1ADF98C980AEEBBF8FF18A40F15405AE905E7650D7349E01CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 37%
                                      			E004172D3(signed int __eax, intOrPtr* __ebx, void* __edi) {
                                      				void* _t10;
                                      
                                      				asm("out 0x0, eax");
                                      				 *__ebx =  *__ebx + _t10;
                                      				asm("loop 0x2c");
                                      				return __eax ^ 0xe60c8bb8;
                                      			}





                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: Us$: $er-A$gent$urlmon.dll
                                      • API String ID: 0-1367105278
                                      • Opcode ID: 10856810b5f1d8d321ac3269559691c61947feda8324d40eddf848578fb6079c
                                      • Instruction ID: b8a4ebf0f7673431978adb552c80927709b78855b1a34c17fb067f78a6dc3c79
                                      • Opcode Fuzzy Hash: 10856810b5f1d8d321ac3269559691c61947feda8324d40eddf848578fb6079c
                                      • Instruction Fuzzy Hash: 5811C2B2E012196BEB11DF92DC02BFEBB74EB41754F11009AEC04BB241D3395A42C7EA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                      • API String ID: 0-188067316
                                      • Opcode ID: 4dabf4ccae445eb0e2e6b40dbb5589aaf2ac4a07031358ffaec4b2c0ceba96d6
                                      • Instruction ID: 27d8cf2c8fa9d217326d5b60f612e073ed121669149188885350e55e4f1fcfe7
                                      • Opcode Fuzzy Hash: 4dabf4ccae445eb0e2e6b40dbb5589aaf2ac4a07031358ffaec4b2c0ceba96d6
                                      • Instruction Fuzzy Hash: 6B0128322542419ED32DD769F48DF9277E8DB10F34F1D802DF10547A818BE89480C229
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                      • API String ID: 0-3266796247
                                      • Opcode ID: 4cb906777617c30104abf29200ac3af2a6c876b6c8b265a5a339d49bfc0408d3
                                      • Instruction ID: 567dea9a8c9abeab353ac09906a18be4fd811349976e3be78df18e56e722564f
                                      • Opcode Fuzzy Hash: 4cb906777617c30104abf29200ac3af2a6c876b6c8b265a5a339d49bfc0408d3
                                      • Instruction Fuzzy Hash: F032D23191466A9BEF7ACF58C888BEDB7F5AF45340F1440E9E949A7291D7309E81CF80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • HEAP: , xrefs: 012222E6, 012223F6
                                      • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 012222F3
                                      • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01222403
                                      • HEAP[%wZ]: , xrefs: 012222D7, 012223E7
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                      • API String ID: 0-1657114761
                                      • Opcode ID: 0a2f29202dd0a17f0c6cc38192dca0b6b8d602d661be767fc2491ab25faf8a82
                                      • Instruction ID: ec7f9228b0f3028e49d645fc488de87b4970f2256a54f31a924d1a92cdd97e9d
                                      • Opcode Fuzzy Hash: 0a2f29202dd0a17f0c6cc38192dca0b6b8d602d661be767fc2491ab25faf8a82
                                      • Instruction Fuzzy Hash: CCD1CC34A00246DFDB1DCF68D490BBABBF1FF48300F198669D99A9B742E335A941CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 0122348D
                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01223513
                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 012234D0
                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 0122344A
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                      • API String ID: 0-1468400865
                                      • Opcode ID: d1f29063cfca4a34eeb75c29d96f27fb748b20dd9a06314591fd06e9e8858378
                                      • Instruction ID: 5d328896421d83e53c432a73dd741f12edfb475e2393e9fdea08d2ee701533c0
                                      • Opcode Fuzzy Hash: d1f29063cfca4a34eeb75c29d96f27fb748b20dd9a06314591fd06e9e8858378
                                      • Instruction Fuzzy Hash: 5A71C1B1504306AFCB15DF94C884F9B7BA8EF59764F404568FA494B283D734D588CBD2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                      • API String ID: 2994545307-2586055223
                                      • Opcode ID: f218e0e31ebbf1f5f83d6f1fdbb2a5ea5562ca93d077c186f6341cd268f43790
                                      • Instruction ID: 6e2b95db6eb62ad6bdd73f5ef0c2541f20509d9d890c7d12aec7fc14059ec033
                                      • Opcode Fuzzy Hash: f218e0e31ebbf1f5f83d6f1fdbb2a5ea5562ca93d077c186f6341cd268f43790
                                      • Instruction Fuzzy Hash: D7513832214691AFD72AEB69D845F7B7BE8FF80B54F090468F651CB291D734E900CB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                      • API String ID: 2994545307-336120773
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                      • API String ID: 0-1391187441
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                      • API String ID: 0-4256168463
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                      • API String ID: 0-3178619729
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                      • API String ID: 0-1145731471
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: FilterFullPath$UseFilter$\??\
                                      • API String ID: 0-2779062949
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • HEAP: , xrefs: 0126255C
                                      • HEAP[%wZ]: , xrefs: 0126254F
                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0126256F
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                      • API String ID: 0-3815128232
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • HEAP: , xrefs: 012242AF
                                      • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 012242BA
                                      • HEAP[%wZ]: , xrefs: 012242A2
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                      • API String ID: 0-1596344177
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • Failed to reallocate the system dirs string !, xrefs: 01230093
                                      • minkernel\ntdll\ldrinit.c, xrefs: 012300A4
                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 0123009A
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                      • API String ID: 0-1783798831
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                      • API String ID: 0-2558761708
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: $$.mui
                                      • API String ID: 0-2138749814
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • LdrResFallbackLangList Exit, xrefs: 011C9A04
                                      • LdrResFallbackLangList Enter, xrefs: 011C99F2
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                      • API String ID: 0-1720564570
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: `$`
                                      • API String ID: 0-197956300
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: Legacy$UEFI
                                      • API String ID: 2994545307-634100481
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 011C61CE
                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 011C61DD
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                      • API String ID: 0-2876891731
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: MUI
                                      • API String ID: 0-1339004836
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011DB9A5
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 885266447-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: PATH
                                      • API String ID: 0-1036084923
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0122BE0F
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                      • API String ID: 0-865735534
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Re-Waiting
                                      • API String ID: 0-316354757
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryHash
                                      • API String ID: 0-2202222882
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 011E40E8
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                      • API String ID: 0-996340685
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: BinaryName
                                      • API String ID: 0-215506332
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: WindowsExcludedProcs
                                      • API String ID: 0-3583428290
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      • Critical error detected %lx, xrefs: 01268E21
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: Critical error detected %lx
                                      • API String ID: 0-802127002
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5b371319c8f00b2749a046120aed61cd7fcfb29bcde96fd78439ee98b8d34fe
                                      • Instruction ID: 6f0abe2819502e4a61802e2d7cbcea042775f7b7ad0692514b07a391f37265fc
                                      • Opcode Fuzzy Hash: e5b371319c8f00b2749a046120aed61cd7fcfb29bcde96fd78439ee98b8d34fe
                                      • Instruction Fuzzy Hash: DD4117366143129BC328EF28C880B6ABBE5AF64714F110929FD9597391E770DC46CBDA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4839f1c8335cadea8d1044befddffc9b0bc5bf72ffb9c5c7504124d17fca78a
                                      • Instruction ID: 744f0524a2bec73dab28c1809b661c46dd5fbad863694dbac1aeb775e005d40d
                                      • Opcode Fuzzy Hash: a4839f1c8335cadea8d1044befddffc9b0bc5bf72ffb9c5c7504124d17fca78a
                                      • Instruction Fuzzy Hash: CE41E736A00629ABDB29DF68C944BEE77F4EF55700F0104A5EA08EB641DB74DE80CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 315506ef6472abc40ce04e77eaaca6f940d4ee05ee31db510d8d2715cc10932b
                                      • Instruction ID: 92d78243f918d542505de0074e161d9314a03a68badf56053186b65b4789f12f
                                      • Opcode Fuzzy Hash: 315506ef6472abc40ce04e77eaaca6f940d4ee05ee31db510d8d2715cc10932b
                                      • Instruction Fuzzy Hash: 22410871A44728AFEB3ADF54CC88FAAB7E9EB54714F000099E905D7681D774DD40CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c830c114911c96bf63052c1f1767081f4b4f7167b6e358dc2383d963275b6b82
                                      • Instruction ID: 73ce4e997956341d2eb8554da9c2f252ecd9d2840c4b82c74b7fc31b3ec9a21f
                                      • Opcode Fuzzy Hash: c830c114911c96bf63052c1f1767081f4b4f7167b6e358dc2383d963275b6b82
                                      • Instruction Fuzzy Hash: 3E41D371A10217EFEB2DAFACC840BAEB6B5BF58718F140019E642E7291E7749A038751
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                      • Instruction ID: 1a49df56e5852f9398d7d6d05a9c0dfa48db4517ab0f783dc4950d6800ef009c
                                      • Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                      • Instruction Fuzzy Hash: 2B410336610146EBDB2DDF68CC91BAF3B79EF41B14F094068EA029B280D771DD01C7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                      • Instruction ID: 5a2fdd836a06f3d36190ead21057bac32a4eaffd5fca8e65ffe31fe4dae85b30
                                      • Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                      • Instruction Fuzzy Hash: 39413E71A00605EFDB28CFA9D9D0AAABBF9FF08310B21496DE556D7650E330FA44CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98806ff3900a8a66c588b2496e27b4deaaa1ba9e0fa481b592c66c5b0a98cee6
                                      • Instruction ID: 614c33ec2a8a5985d08a1527e41c45964b08aa63a4e291765561d6a72b18b258
                                      • Opcode Fuzzy Hash: 98806ff3900a8a66c588b2496e27b4deaaa1ba9e0fa481b592c66c5b0a98cee6
                                      • Instruction Fuzzy Hash: 5B41DD35945605CFCF29DF68D8807AEBBB1BF78B58F490119E4116B396C371C940CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14a6b8142f5f98baff0b3a45550b9263ac9709ce0195638f8e0abfdbc0b00021
                                      • Instruction ID: d97b81c6c6ad46766031ff6af345897bdcb2c4c39a12c059d2cb9b840a1c92a1
                                      • Opcode Fuzzy Hash: 14a6b8142f5f98baff0b3a45550b9263ac9709ce0195638f8e0abfdbc0b00021
                                      • Instruction Fuzzy Hash: C24160B4A0022D9BDB28DF59C8C8BA9B7F4FB64700F1145EAD91997252E770DE80CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction ID: 8162b04ee0bba5a5919e564fc043f06879fc91bedb29103601c30a9c1cdaba7f
                                      • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction Fuzzy Hash: 2B310632F106066BEB159B69C855BBFFBBAEF90220F0D4469E905A7291EA749D00C750
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 57cb86b14a3af7fdf3b2c3739e174f6bbce696d309c80a6fe7e78a3e5a53daf6
                                      • Instruction ID: e2696ec8f5f164d13bcbed0b362d30057dea6391c4943afefd2c6da1f2f8fd8b
                                      • Opcode Fuzzy Hash: 57cb86b14a3af7fdf3b2c3739e174f6bbce696d309c80a6fe7e78a3e5a53daf6
                                      • Instruction Fuzzy Hash: 594194B0901B09CFCB29DFA8C948B59B7F6FF94318F55829DD1168B291D7309941CB41
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction ID: 9b36fbbe496584dca85d11a914585a4e5de9d65eb990ec10f25d87f6b10245a8
                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction Fuzzy Hash: E6314A323286426FD3229B6CC945F7B7BE5EBC5650F084458EA558B781DB70DC41C760
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dfff9f1fb1965436a302a52f8e15f667b2ba8fab992492d631cc4532c4d80014
                                      • Instruction ID: 16dbec24f80fa78f391af240b6288c0ccbc3a3742ef300688f3c2a21c12e3804
                                      • Opcode Fuzzy Hash: dfff9f1fb1965436a302a52f8e15f667b2ba8fab992492d631cc4532c4d80014
                                      • Instruction Fuzzy Hash: 1C31A4306142068BEB2DDE29CEC46BA3799FBD1659F244C1AEB118B1D1D731C481CF56
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction ID: 8d7306bfeda6c232d1edd252064fee7323c4bf5165fbcc2cf10208da3d008dba
                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction Fuzzy Hash: FB31D2726147069BC719DF28C880A6BB7AAFFD4214F05496DF65287681EF30E805CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3651046514608e9ee2eb646ccb10efd9b70ff9d33f51a565daa11e067fc01c68
                                      • Instruction ID: 1eaed248358ea63d97d5607866b6f20d5d6e562bb725231c42c03980e3031d48
                                      • Opcode Fuzzy Hash: 3651046514608e9ee2eb646ccb10efd9b70ff9d33f51a565daa11e067fc01c68
                                      • Instruction Fuzzy Hash: AD415EB1D00209AFDB18DFA9D940BFEBBF9EF48714F14812AEA14A7250DB749906CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4b3b68d5729e1255827e97e80845261addc95265162e68c9fe245eb40ed82faf
                                      • Instruction ID: 2c39190dbfc40eec02448f4cc5a6051ef2c168916179c8a493fac054882c55e9
                                      • Opcode Fuzzy Hash: 4b3b68d5729e1255827e97e80845261addc95265162e68c9fe245eb40ed82faf
                                      • Instruction Fuzzy Hash: 69315931262602DFC72AEF18C881F7A7BB6FF30764F51462AF5150B1A4D770E841C695
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23f16684644280205e89238a3532b6b2f732d00ff6a532282be2d8a2f3364397
                                      • Instruction ID: f210863ca1a7753a08362a1565d618d656a64b9c0029a89dcd4a1078db4b4216
                                      • Opcode Fuzzy Hash: 23f16684644280205e89238a3532b6b2f732d00ff6a532282be2d8a2f3364397
                                      • Instruction Fuzzy Hash: FC31DE31A21621DBD72D8F2DC841A7EBBE5FF55700B06806EEA59CB391E730D841C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction ID: 72a8450f0b72003d32d9a5f77359d53d16f1dcedceeeac905e4a05ce9d021875
                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction Fuzzy Hash: AF314672A0558BFED70DEBB4C480BE9FB55BF62208F08415ED51C47241DB396A0ACBE6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 17a73229894a0733a118cdc3513374a74013bfd7ce3b816c4f8ab29f4cf4a666
                                      • Instruction ID: 9435aeaa5e89c6cb89be4cd9a21902fef1b8e83c3dd3bb3d83d1aec4dea036b0
                                      • Opcode Fuzzy Hash: 17a73229894a0733a118cdc3513374a74013bfd7ce3b816c4f8ab29f4cf4a666
                                      • Instruction Fuzzy Hash: F131E4B26147529BC724DF28C840A6AB7E9FFC8700F044A2DFA9597690E730E904CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 27b19957353f8233d72990df854a8c9591cc2ab3093525bb1c05fd664ebf8ce3
                                      • Instruction ID: 0d1a74fda72e223b38a317ed07191de894e28ba6a1b61aa721e46a08a4ebf7ee
                                      • Opcode Fuzzy Hash: 27b19957353f8233d72990df854a8c9591cc2ab3093525bb1c05fd664ebf8ce3
                                      • Instruction Fuzzy Hash: F0412834619B568FDB25DFB8C4043AFBAF2BF21308F14051DD185A7341DB755A09C7A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 60dddb9b3602f5e7892e9fb07d9d58e4deaad6bde8413fb53c8d14c4c1f9bf04
                                      • Instruction ID: 1b9a40b4de2cf38a10dfdc5babac002ae097e4431cca6fdb6b8a41fd9c32828a
                                      • Opcode Fuzzy Hash: 60dddb9b3602f5e7892e9fb07d9d58e4deaad6bde8413fb53c8d14c4c1f9bf04
                                      • Instruction Fuzzy Hash: 62317772A19302DFC718DF18D98481ABBE9FF85714F44496EF9989B281D730ED44CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1fa3176a7464a78d4d25d247d48e659fac75ddeff945ec1cc8b40cf6d4da0aa1
                                      • Instruction ID: 63be12fa9a644e7345a38f283368b70104d1b8196dd4a669df55ad67c2f3c5e7
                                      • Opcode Fuzzy Hash: 1fa3176a7464a78d4d25d247d48e659fac75ddeff945ec1cc8b40cf6d4da0aa1
                                      • Instruction Fuzzy Hash: 59319232E5121AAFDB25DEA9C980AEEBBB8FB04750F014529E925D7250E7709A108BD1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 76bfd152b94b4180e966b1f24d86ba446053e66dffe4a70d6815935df27a6126
                                      • Instruction ID: 06cd8f284d6b98b803ea97f335f205be8971043de1695933c03ce2c9001c99ee
                                      • Opcode Fuzzy Hash: 76bfd152b94b4180e966b1f24d86ba446053e66dffe4a70d6815935df27a6126
                                      • Instruction Fuzzy Hash: DB31F672A20217EBDB169B99D840B6FBBB9EF54724F180069F615DB340EBB0DD018790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 067deeb0f53d13dcf03e2932cdac971491db24bb5e225989a6f69bc0b46e17d1
                                      • Instruction ID: 9f502c3d366eb868c52a294f5b1ecd7793e9a52ec74a10c66102d4f8ebfd5241
                                      • Opcode Fuzzy Hash: 067deeb0f53d13dcf03e2932cdac971491db24bb5e225989a6f69bc0b46e17d1
                                      • Instruction Fuzzy Hash: 4F31EF716187129FE324CF4DC804B2ABBE4FFA8B00F04486DEA8897351E7B0E840CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 71bcd71849009308d68fe3d7a2d70cb2b49043782290204743cefe5d5195b05e
                                      • Instruction ID: a1a82c1e686189839a6d55281102456ab45d43e57fcfc316492a4c7c91d1bf85
                                      • Opcode Fuzzy Hash: 71bcd71849009308d68fe3d7a2d70cb2b49043782290204743cefe5d5195b05e
                                      • Instruction Fuzzy Hash: 6B31F772A0051AABCF19EFA8CD81ABFB7B9FF54704F414469F905EB240E7749911CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4e8ab50cc875ad9022ab41d041a9587004e1ea3611da6726eb2df668c9f3e753
                                      • Instruction ID: ef13842bea2a5402807155d4a6d2ec19abd0c0b4b05aebf8beba8c92d1f554d2
                                      • Opcode Fuzzy Hash: 4e8ab50cc875ad9022ab41d041a9587004e1ea3611da6726eb2df668c9f3e753
                                      • Instruction Fuzzy Hash: B73100322156129FD72ADF18C944B2BBBA5FF81B14F45452DEA560BA41C7B0E808CB8A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                                      • Instruction ID: 3ef0f81c4e0f8d821b681b11874cdab9900d640c65f35a7643ebf69458fd0988
                                      • Opcode Fuzzy Hash: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                                      • Instruction Fuzzy Hash: 5C3122B2600504EFDB15DF18CC80F5ABBAAEF99654F294099F948CB381E635DD41CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8f83fd75e7fc5b53422b23aaaab643c8163192e8d6b76ce6a4ae46c8a383c807
                                      • Instruction ID: 23ec0e0d82c965364ebf548aa44dfc3c7d680acc24b67ffb8cdfc4d627cb3606
                                      • Opcode Fuzzy Hash: 8f83fd75e7fc5b53422b23aaaab643c8163192e8d6b76ce6a4ae46c8a383c807
                                      • Instruction Fuzzy Hash: AD31C5B5A11249DFEB2ADF6CC0C87ECBBF1BB58328F58814DC61467281C334A981DB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                      • Instruction ID: a121778d72a655e3c84eaa2f0758c7e9653d04a232284e5523db60445a0af388
                                      • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                      • Instruction Fuzzy Hash: D8317C31600A4AEFD729CFA8C888F6AB7F9EF44354F1445A9E915CB290E770EE01CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction ID: 4b85dd92eeb76c6ce6d64771587db47d73b865629ce6928030166510d27d36d7
                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction Fuzzy Hash: 61217C72600529FFD72ACF99CC84EAABBB9EF85744F154055FA05A7250D734AE01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      • Instruction ID: 187364a48fcc6256c016a30a26f6d655707a203d90ff4516409724b0e1966a6b
                                      • Opcode Fuzzy Hash: 8bf844309c7f161a3bdec25089682125052154d4e40bda3ada20484369bad424
                                      • Instruction Fuzzy Hash: D8014071A10219ABDB14EFA9D845AAEBBB8EF44714F40405AB904AB280D6749A15CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a26823f1a298b7afacf9aaf8e1dea80136b8a502b25ea54a90b5146afe77b84d
                                      • Instruction ID: b9263509b5558f3fbd9cfa48847fdf965afde25f7168f47a69b18aa9ea41bfb9
                                      • Opcode Fuzzy Hash: a26823f1a298b7afacf9aaf8e1dea80136b8a502b25ea54a90b5146afe77b84d
                                      • Instruction Fuzzy Hash: 6001F271A101099BCB1CEB29D8809FFBBBAEF92230F850069DA15A7244FF30DD02C795
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                      • Instruction ID: 91502699710ec091210fe15f6ff012ee6b73da6e11d58dc24e1d211de188401c
                                      • Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
                                      • Instruction Fuzzy Hash: B4017BB2A11149DBE719DB58C840FA93797AB9173CF114159EF158B3D0DB34ED02C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6a1098f4625f0ba0be7b999cf8b0aa7f1aaddfcf9745f79e19dad942f61d6375
                                      • Instruction ID: 35e6a8cd4f5d4f5dacee069b7f2107328652f15d3fb693cedf7b259fdb9570e0
                                      • Opcode Fuzzy Hash: 6a1098f4625f0ba0be7b999cf8b0aa7f1aaddfcf9745f79e19dad942f61d6375
                                      • Instruction Fuzzy Hash: 9E014CB1A0121DEBDB04DFA9D8419AEB7F8FF58304F10445AFA01E7380D774AA00CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction ID: 97898139db4932290e4e8fd2fa8be88c023771734ff322ac75ec114a770f5a70
                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction Fuzzy Hash: 6601D4722159C09FE72AC71CC944F767BE8EBA1B80F0904A5FA15CB651D728DC40C629
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b00ca69ad9f539cd0fc1c456407044d8aac05cd342cee7e7613885047d4fbf18
                                      • Instruction ID: 59c56da1f379db039db3803e01181a93a6e27fa903002e7ad1dd6e3d69d3f108
                                      • Opcode Fuzzy Hash: b00ca69ad9f539cd0fc1c456407044d8aac05cd342cee7e7613885047d4fbf18
                                      • Instruction Fuzzy Hash: E0014C726257429FC710EF28DD04B1A7BE5BB84314F048519FD85836D0EE30D452CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 931c645895e8e64fcb32f367b1619791d7d0df888601f5d95369018e2f01a1d7
                                      • Instruction ID: a69be2bd024e7227e3cb8d46479da6a7efb99d696ba5d94b62c013f384de8726
                                      • Opcode Fuzzy Hash: 931c645895e8e64fcb32f367b1619791d7d0df888601f5d95369018e2f01a1d7
                                      • Instruction Fuzzy Hash: E8018471A10269ABD714EFA9D805FAFBBB8EF55704F40406AF905EB380D674D910CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 879bbf10937963a79aae219473656a402ebbb1206af12037bfd2e60303e312eb
                                      • Instruction ID: 7ff7400d84637df0237b56c082c489b50117fa142cae57ecefa58123f46179dc
                                      • Opcode Fuzzy Hash: 879bbf10937963a79aae219473656a402ebbb1206af12037bfd2e60303e312eb
                                      • Instruction Fuzzy Hash: E401D871A1020DABCB14DFA9D805FAEB7B8EF50704F00406ABA00AB380DA709900C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 866d3b11082d9d55bb5582f2e6bea486b2b07d1454d14d41b98645fab0d225f2
                                      • Instruction ID: ff4544efff23ccf62cad827cee620c1a4878f0ac5e745552ba95e27fbf9a796c
                                      • Opcode Fuzzy Hash: 866d3b11082d9d55bb5582f2e6bea486b2b07d1454d14d41b98645fab0d225f2
                                      • Instruction Fuzzy Hash: AC012171A1121D9FDB04DFA9D9419AEBBB8EF58314F54405AFA05E7380D734AA01CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8f81359a7f508323a870b7d340f4e7f60088b17a16d90910932f12a38560145b
                                      • Instruction ID: 4b90146c985d43e2a649e6f77c0109b8b6de62ae63b49afa220248a913432359
                                      • Opcode Fuzzy Hash: 8f81359a7f508323a870b7d340f4e7f60088b17a16d90910932f12a38560145b
                                      • Instruction Fuzzy Hash: 52012C71A1121DAFCB04EFA9D9419AEBBB8EF58314F50405AFA04E7381D734A900CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13533288b663664ad3c4ddf460c3e7594ac7828d287ce0c4c2187a48071894b8
                                      • Instruction ID: fd56194eee1677163a41990aff9dc6362ebd042a091cfb1565528a0e61da04df
                                      • Opcode Fuzzy Hash: 13533288b663664ad3c4ddf460c3e7594ac7828d287ce0c4c2187a48071894b8
                                      • Instruction Fuzzy Hash: 6A0121B1A1121D9FDB04DFA9D9419EEBBB8FF58314F50405AFA04E7380D734AA01CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction ID: be934fcbd6caafa01d70108f66f18801b56726d764e6fb2c50dd868926a97ec5
                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction Fuzzy Hash: C6F0C8332419239BDB3E6AD999C4BD7B6958F93B68F160035F2059B344CF64880286D6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction ID: 1b8731ad42e81d979267bfb7809e40421f5186e1e6888ca1136dec4ebc288cb1
                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction Fuzzy Hash: 8401F9336145C09BD32AE75DC844FA97BD9EF65754F0A00A1FE148B6B5D774E800C319
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f57c953e89f20bff04e50f29bdc38b5e4b825507b4c79cd68e51de719acba6b2
                                      • Instruction ID: d3e19c2a498a34d594195c33ab6f6e1cb97357f922f80564544339790c9ae117
                                      • Opcode Fuzzy Hash: f57c953e89f20bff04e50f29bdc38b5e4b825507b4c79cd68e51de719acba6b2
                                      • Instruction Fuzzy Hash: 9601AD35200608AFD739DF68DC45FABBBF9EF85614F10056DE90583290CBA1AA04CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3be9ec329f00b3bf02602280bfb138bdbee57c10b8190f19bb118a4ab67ed8cd
                                      • Instruction ID: 33d74d3814612752bf564ac87243c9b53c544b70a30e4a2f58e9f534374aa6a4
                                      • Opcode Fuzzy Hash: 3be9ec329f00b3bf02602280bfb138bdbee57c10b8190f19bb118a4ab67ed8cd
                                      • Instruction Fuzzy Hash: 8C018F71A0160D9FCB04EFA9D841AAEBBF8FF58314F14005AF900AB380D734AA00CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ed097ee7a1a687685d8522b2e8602be1dd1756ded5f269ec2bc1ace7b273a902
                                      • Instruction ID: 1e2183454363f3136ccaa3f515b98aaa497f74df21b79e7c96864f9230a638af
                                      • Opcode Fuzzy Hash: ed097ee7a1a687685d8522b2e8602be1dd1756ded5f269ec2bc1ace7b273a902
                                      • Instruction Fuzzy Hash: C901A972A10619ABDB14DBF9D4059AFB7B8EF54714F00805AF611E7290DA7499108790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ce080b7b163bbed2093627008ef8f8f05474b63f6880098508505e4430cfa42f
                                      • Instruction ID: 6431403c05b296afce763ae1fb85866aae2de5a1d803127e1cc7de042451bfcd
                                      • Opcode Fuzzy Hash: ce080b7b163bbed2093627008ef8f8f05474b63f6880098508505e4430cfa42f
                                      • Instruction Fuzzy Hash: 87F02233352A936BD63A77B48E58F1679A5EFE8F48F490428F7010B6A0CF658C02C684
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                      • Instruction ID: 4b381eda03a6544cf499e48b135ea37597f0e2b2d26cfc99c1237ace1bfec28f
                                      • Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                      • Instruction Fuzzy Hash: 04014435551B5AAFD729EB58C888F2A37DAAF50728F014141FD148B2D1DBB4ED80C7A2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                      • Instruction ID: f76350ec9bac4556fdde3119b9074b679506615a4d08b2ffdee6967fecf4600d
                                      • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                      • Instruction Fuzzy Hash: 90F0C871A212299BE718DB698490BEA7BA8EB54610F04C155EE11D7140DB31E95186A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02d978eb9dc3e19fa0fd84e35d3aa125a03e17d10c781f83dfec44a99bc6b4c8
                                      • Instruction ID: 7049acb4aa7cb8bcfea713a55b0892be910df2372c56395a6d4659ff015e2471
                                      • Opcode Fuzzy Hash: 02d978eb9dc3e19fa0fd84e35d3aa125a03e17d10c781f83dfec44a99bc6b4c8
                                      • Instruction Fuzzy Hash: B3F0C231B14648ABDF08EBA9E905E7EB7B8EF45604F400069FA01EB6D0EA70E911C745
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                      • Instruction ID: 0d1c93ee31780a2b64f09c2297b48121cf790e5bd61c3679130a86abebf0b806
                                      • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                      • Instruction Fuzzy Hash: F7F0CD31654208ABE71CCB29E841B96B6EDEF98204F1180789949C7260EBB2ED019254
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6358289d3b0201525316be293dc951c7048bbee1a40236223b11e288db2127bc
                                      • Instruction ID: 87b5d279248e380e9e27d83d943e54798d4850d8f67a9ad1be30937979a19223
                                      • Opcode Fuzzy Hash: 6358289d3b0201525316be293dc951c7048bbee1a40236223b11e288db2127bc
                                      • Instruction Fuzzy Hash: AC013C71A0120DAFCB04EFA9D545AAEB7F4FF18704F404059F905EB381E674AA10CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd37312e36703f62b4e2c8864e3f24160f688be06c9d9cec718e17363f65a4e6
                                      • Instruction ID: 05913e8897ddceb5243a3999689c5d1c17a191c910104738976bccecf6003702
                                      • Opcode Fuzzy Hash: bd37312e36703f62b4e2c8864e3f24160f688be06c9d9cec718e17363f65a4e6
                                      • Instruction Fuzzy Hash: E6F0FAB2B212909EE73E832CC104B227FE99B14230FC58D6ED41683202C3A0C880CAC1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 74cbe2b466d9910fd0a51f8968a3dad02bb704dcc361521f0ddfe4222ef7c701
                                      • Instruction ID: 3ce0bd59e91a306560faae7535b42e2d05d6788956430cbe830ccf9fce2180bf
                                      • Opcode Fuzzy Hash: 74cbe2b466d9910fd0a51f8968a3dad02bb704dcc361521f0ddfe4222ef7c701
                                      • Instruction Fuzzy Hash: FAF0552A836196CBDF376B3D39083E37F96EB75110F890085D6A017209C43588D3CB31
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction ID: c2b9147b3038503babec397467530b7a1fabfb7a80dfb8b999ae7c20ac8e03ba
                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction Fuzzy Hash: 6EE0ED32240A416BE725AF4ACCC0B0336A9AF92728F00407CBA001E282CBE6D80987A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 425fdb1651e8af7696825c202c6fe75c85cd0ca5314612a90d05dcba9613e2c9
                                      • Instruction ID: 074300d1e9d21e143c64d2611d44c8e89fa2cb8fa241c179e261df5f658d956b
                                      • Opcode Fuzzy Hash: 425fdb1651e8af7696825c202c6fe75c85cd0ca5314612a90d05dcba9613e2c9
                                      • Instruction Fuzzy Hash: 71F0B470A1460D9FDB18FFB8D445B6E77B4EF14304F508099EA05EB281DA34D900CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ccbfb55199e3516c2f2ea98b6f6cd229dc3f39503e19e1530754796f92e81b5
                                      • Instruction ID: 711bb13ee1e083a523a6c2fe4eb5678145acc216dc4278b82215af076b627612
                                      • Opcode Fuzzy Hash: 6ccbfb55199e3516c2f2ea98b6f6cd229dc3f39503e19e1530754796f92e81b5
                                      • Instruction Fuzzy Hash: 09F05EB0A15259ABDB14EBA8D906A6E77A4AF44304F440459BA05DB2C0FB74D900C798
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b5ee4139cde9831fe670678a490645415d7aa5ec5a151b153d58314276645498
                                      • Instruction ID: 81b9a22ad8f3b14b261c4ed27961f42db2b2f8aa931dd8f045d4743abede3250
                                      • Opcode Fuzzy Hash: b5ee4139cde9831fe670678a490645415d7aa5ec5a151b153d58314276645498
                                      • Instruction Fuzzy Hash: F7F08271A1524DABDB18EBE9D44AAAF77B4EF08308F400099F605EB280EA74E914C758
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 586a234b98e3a427866ee3171f5cc9222cfc7375415b1ae417e14faf816dccc9
                                      • Instruction ID: 31cde21f30a36c57735839f15b8b9689bc3742a5ad8f552a7a92ff03cdc4c194
                                      • Opcode Fuzzy Hash: 586a234b98e3a427866ee3171f5cc9222cfc7375415b1ae417e14faf816dccc9
                                      • Instruction Fuzzy Hash: 1DF05E71A1525DABDB14EBA8E906A6EB7B4EB44204F440059BA05DB2C1EA74D900C758
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                                      • Instruction ID: 6ca19e04bfd7b50d880251392e7c78cc4119a69475b955a9bb69c8465024dcbb
                                      • Opcode Fuzzy Hash: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                                      • Instruction Fuzzy Hash: 78D0227320607093CB2C5648BD44FA3BA059F80A58F1B00AEBA0A8390082108C03C2E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f9ae49fc6c2a19662247300c9e173f5a5df57a9d8aaa21e31fef7975e2812d2
                                      • Instruction ID: 404189e0932b07d92c1ab3ee669e6464a99feeb41e0d8af27d3d35c161a394c0
                                      • Opcode Fuzzy Hash: 6f9ae49fc6c2a19662247300c9e173f5a5df57a9d8aaa21e31fef7975e2812d2
                                      • Instruction Fuzzy Hash: A3D0A732040508ABC715FF4CDD44F057BADEB54704F400024B50887262DB30EC60C658
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction ID: 6565e7d5dc1bd6594d5a724ff5ed32a3ae81adab1673e20862e8f831cb840eb8
                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction Fuzzy Hash: 93D0C935352980CFD61BCB0CC554B0633A4FF04B44FC50490E500CB722E72CD940CA00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction ID: c04d8ac9d45b2652ec986307f91fd5511e1460b55f922b2b00ae90d1866b402a
                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction Fuzzy Hash: 3AD0A9314629819AEB0EAB94C21C7783BF2BF00308F582069801307A52C33A4A0ACE01
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction ID: 2e3fea06df5885a039e224b18c12f90bc803a81fa84358cc421993a26a04bddf
                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction Fuzzy Hash: DEC08C30280A01AAEB2A1F20CE81B403AA0BB11B09F8400A0A301DA8F0DB78D801E600
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction ID: 4c3eda3b8157ca5d0da8fb9e418998bfd3c5e3a455c6b9d833b912344563d86b
                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction Fuzzy Hash: A9C08C33080248BBCB126F81CC00F467F2AFBA4B60F008010FA080B570C632E970EB84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction ID: 18fdd8e8c90108538a968798adbe5b7979e37f22efa5a62f3adca7eebcb61633
                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction Fuzzy Hash: C2C08C32080248BBC7126E41DC40F017B29E7A0B60F000020B6040A9608632EC60D588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction ID: 1ffd548789d86df60006a1b9453360901983dd2a5d51ac0f56263052b3e7cae2
                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction Fuzzy Hash: CCC02B330C0648BBC7126F45CD00F01BF2DE7A0B60F010020F6040B6B1CA32EC60D588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                      • Instruction ID: 9127e6369eec1b12cd2d1f354b51a6a0b6f682b65201a314c4cddac5d5387418
                                      • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                      • Instruction Fuzzy Hash: FBC04C367119418FCF15CB29C284F1937E4F744748F1508D0E905DB735D724F800CA10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                      • Instruction ID: 858839d6557ce20215d297228bf8144b5f1bcbeff690632391e7c7777b047eae
                                      • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                      • Instruction Fuzzy Hash: 38C04C1E1656C549CD278F3442127D5BF64D7529D0F191481D4D11F552C11445539625
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction ID: 0910bddeac083dd1cc3d141e8f8f760dbe6d5aa4d137c1866716143a982fb76d
                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction Fuzzy Hash: 5AB092353019408FCE1ADF18C080B1933E4BB45A44B8400D4E400CBA21D329E8008900
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction ID: 6df0640e60757bd2e5102f6e75000f8307e079b4396155ee2cd1ac5d08d5d9a9
                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction Fuzzy Hash: 89B01232C51441CFCF06EF40C610B297731FB10B50F094494900127930C328AC01CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 30613501e137fb42f96d3af11dc0eba48cfc33b27cf5f8d5e2b5b20f464c605d
                                      • Instruction ID: 3e36a38dd5c03beb41ba3e0c7188607ffedad3e35a76322b6e1dedfe4035fd69
                                      • Opcode Fuzzy Hash: 30613501e137fb42f96d3af11dc0eba48cfc33b27cf5f8d5e2b5b20f464c605d
                                      • Instruction Fuzzy Hash: A19002B121200802D24171E944047460005A7D0341F51C111A5054558FC6D98DD577A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c010639965ba89ccf4d6ab859b485e883e67d0cf255c642d03e98bfc15762d67
                                      • Instruction ID: a91d85b677013b937a1c1e9b3230402a7f133f8a735dab4a7e95c0481544b102
                                      • Opcode Fuzzy Hash: c010639965ba89ccf4d6ab859b485e883e67d0cf255c642d03e98bfc15762d67
                                      • Instruction Fuzzy Hash: 4F9002A121240803D24165E948046070005A7D0342F51C111A2054559FCAA98C517275
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f33003bd2a1b14bbddf11a7a2defae5bf1feac0fec65a4f38e4f4838c3b6eed5
                                      • Instruction ID: c7b565f258914ccd36aec45a9dfa4db48b6722b9620d0664109099b989105639
                                      • Opcode Fuzzy Hash: f33003bd2a1b14bbddf11a7a2defae5bf1feac0fec65a4f38e4f4838c3b6eed5
                                      • Instruction Fuzzy Hash: A99002A135200842D20161E94414B060005E7E1341F51C115E1054558EC699CC527266
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cbd0b199dc4752aad507adba28717defde3d5b0a2292a461c00063e5c397eb74
                                      • Instruction ID: 1f244f2bb79157389f7c4f8214ec0ab0d70089671650e34ad20684a47c0970f6
                                      • Opcode Fuzzy Hash: cbd0b199dc4752aad507adba28717defde3d5b0a2292a461c00063e5c397eb74
                                      • Instruction Fuzzy Hash: B79002A122200442D20561E944047060045A7E1241F51C112A2144558DC5A98C616265
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c4d6dd0bedd169ffc34b6d1f41d8785027b37c8e372c5196b1f33bbc619aa6b6
                                      • Instruction ID: 34b66a795b109f6b7d0b31fc3c810d68f5eeba0c61a8b61b39b2ce6ee0d9c7dc
                                      • Opcode Fuzzy Hash: c4d6dd0bedd169ffc34b6d1f41d8785027b37c8e372c5196b1f33bbc619aa6b6
                                      • Instruction Fuzzy Hash: 7190027125200802D24271E944046060009B7D0281F91C112A0414558FC6D58A56BBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf845008721411ee8362f6c8983cf65b04231720ff784ae9aed3168d7b607a04
                                      • Instruction ID: d3c43a3442814b46b9da8ad3840b74955ffc7d6519ccc393e76b5e6e81133f35
                                      • Opcode Fuzzy Hash: bf845008721411ee8362f6c8983cf65b04231720ff784ae9aed3168d7b607a04
                                      • Instruction Fuzzy Hash: 9B9002A1612144434641B1E948044065015B7E1341391C221A0444564DC6E88855A3A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eab53debc7b6cb6c61efa40faaa7566b136bd1053cb31a503e21174e8d9f5805
                                      • Instruction ID: 374b5fe426e43de1f13ce6953d7da039849a0b801b1aab11678638c12c2a21e4
                                      • Opcode Fuzzy Hash: eab53debc7b6cb6c61efa40faaa7566b136bd1053cb31a503e21174e8d9f5805
                                      • Instruction Fuzzy Hash: 00900261253045525646B1E944045074006B7E0281791C112A1404954DC5A69856E761
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 637d10860ce7af8baf5b5d511f16d6bd76060c9ee7e534ae4264bfb828075b89
                                      • Instruction ID: 7619089af34b3d48731371423a0415100e1e035145185f57ee34d66d90329b08
                                      • Opcode Fuzzy Hash: 637d10860ce7af8baf5b5d511f16d6bd76060c9ee7e534ae4264bfb828075b89
                                      • Instruction Fuzzy Hash: 9390026131200802D20361E944146060009E7D1385F91C112E1414559EC6A58953B272
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ff5eef3b0643fe3717bf9d424ca4f84c2464e512348f949139bc88a63410a87
                                      • Instruction ID: 47b68b85eea10ea57bf409ec0655602e0ab8c96cb0ab56327910272158a78e9a
                                      • Opcode Fuzzy Hash: 6ff5eef3b0643fe3717bf9d424ca4f84c2464e512348f949139bc88a63410a87
                                      • Instruction Fuzzy Hash: D090026161200902D20271E94404616000AA7D0281F91C122A1014559FCAA58992B271
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: af549c6ada4b79bd9edbdbb40e600bb83fcf4cf52a041c3657ab0e784e42dfc4
                                      • Instruction ID: d1ccbb055ede2d6dbffa9f2b868c128a1b6ec805f8b322dbf8a253e20512d4f3
                                      • Opcode Fuzzy Hash: af549c6ada4b79bd9edbdbb40e600bb83fcf4cf52a041c3657ab0e784e42dfc4
                                      • Instruction Fuzzy Hash: E790026125200C02D24171E984147070006E7D0641F51C111A0014558EC696896577F1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 41fe11fe97159c9e28c5ed2226bbe5efb7a301e9fa37b1179d8108ac857701ec
                                      • Instruction ID: dd6e3d2fd97e50e36d0f6735de5afc2b30514758e74aadf05ee5af0723e7a12c
                                      • Opcode Fuzzy Hash: 41fe11fe97159c9e28c5ed2226bbe5efb7a301e9fa37b1179d8108ac857701ec
                                      • Instruction Fuzzy Hash: E290027121244402D24171E9844460B5005B7E0341F51C511E0415558DC6958856A361
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 41%
                                      			E011B7CC0(intOrPtr* _a4, intOrPtr _a8) {
                                      				signed int _v8;
                                      				signed int _v12;
                                      				intOrPtr _v16;
                                      				signed int _v20;
                                      				intOrPtr _v24;
                                      				signed int _t60;
                                      				signed int _t65;
                                      				void* _t70;
                                      				void* _t73;
                                      				signed int _t86;
                                      				void* _t92;
                                      				signed int _t94;
                                      				intOrPtr _t101;
                                      				signed int _t102;
                                      				intOrPtr _t103;
                                      				intOrPtr _t104;
                                      				signed int _t105;
                                      				signed int _t115;
                                      				intOrPtr _t116;
                                      				signed char _t117;
                                      				void* _t118;
                                      				intOrPtr* _t120;
                                      				signed int _t121;
                                      				void* _t122;
                                      
                                      				_t101 = _a8;
                                      				_t120 = _a4;
                                      				_t121 = 0;
                                      				_t104 = _t101 + 0x2e;
                                      				_v24 = 8;
                                      				_v16 = _t104;
                                      				if( *_t120 == 0) {
                                      					__eflags =  *(_t120 + 2);
                                      					if( *(_t120 + 2) != 0) {
                                      						goto L1;
                                      					}
                                      					__eflags =  *(_t120 + 4);
                                      					if( *(_t120 + 4) != 0) {
                                      						goto L1;
                                      					}
                                      					__eflags =  *(_t120 + 6);
                                      					if( *(_t120 + 6) != 0) {
                                      						goto L1;
                                      					}
                                      					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
                                      					_v20 = _t117 >> 8;
                                      					__eflags = _t117;
                                      					if(_t117 == 0) {
                                      						goto L1;
                                      					}
                                      					_t86 =  *(_t120 + 8) & 0x0000ffff;
                                      					__eflags = _t86;
                                      					if(_t86 != 0) {
                                      						_v12 = 0xffff;
                                      						__eflags = _t86 - _v12;
                                      						if(_t86 != _v12) {
                                      							goto L1;
                                      						}
                                      						__eflags =  *(_t120 + 0xa);
                                      						if( *(_t120 + 0xa) != 0) {
                                      							goto L1;
                                      						}
                                      						__eflags = _t104 - _t101;
                                      						_push( *(_t120 + 0xf) & 0x000000ff);
                                      						_push( *(_t120 + 0xe) & 0x000000ff);
                                      						_push(_v20 & 0x000000ff);
                                      						_t92 = E01206B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
                                      						L29:
                                      						return _t92 + _t101;
                                      					}
                                      					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
                                      					__eflags = _t94;
                                      					if(_t94 == 0) {
                                      						_t118 = 0x11948a4;
                                      						L27:
                                      						_push( *(_t120 + 0xf) & 0x000000ff);
                                      						_push( *(_t120 + 0xe) & 0x000000ff);
                                      						_push(_v20 & 0x000000ff);
                                      						_push( *(_t120 + 0xc) & 0xff);
                                      						_t92 = E01206B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
                                      						goto L29;
                                      					}
                                      					__eflags = _t94 - 0xffff;
                                      					if(_t94 != 0xffff) {
                                      						goto L1;
                                      					}
                                      					_t118 = 0x11ad700;
                                      					goto L27;
                                      				}
                                      				L1:
                                      				_t105 = _t121;
                                      				_t60 = _t121;
                                      				_v8 = _t105;
                                      				_v20 = _t60;
                                      				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
                                      					__eflags =  *(_t120 + 0xa) - 0xfe5e;
                                      					if( *(_t120 + 0xa) == 0xfe5e) {
                                      						_v24 = 6;
                                      					}
                                      				}
                                      				_t115 = _t121;
                                      				_t102 = _t60;
                                      				do {
                                      					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
                                      						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
                                      						_t60 = _v20;
                                      						if(__eflags <= 0) {
                                      							_t105 = _v8;
                                      						} else {
                                      							_t49 = _t115 + 1; // 0x1
                                      							_t105 = _t49;
                                      							_t102 = _t60;
                                      							_v8 = _t105;
                                      						}
                                      					} else {
                                      						_t13 = _t115 + 1; // 0x1
                                      						_t60 = _t13;
                                      						_v20 = _t60;
                                      					}
                                      					_t115 = _t115 + 1;
                                      				} while (_t115 < _v24);
                                      				_v12 = _t102;
                                      				_t103 = _a8;
                                      				if(_t105 - _t102 > 1) {
                                      					_t65 = _v12;
                                      				} else {
                                      					_t105 = _t121;
                                      					_t65 = _t121;
                                      					_v8 = _t105;
                                      					_v12 = _t65;
                                      				}
                                      				do {
                                      					if(_t121 < _t105) {
                                      						__eflags = _t65 - _t121;
                                      						if(_t65 > _t121) {
                                      							goto L9;
                                      						}
                                      						_push("::");
                                      						_push(_v16 - _t103);
                                      						_push(_t103);
                                      						_t70 = E01206B30();
                                      						_t105 = _v8;
                                      						_t122 = _t122 + 0xc;
                                      						_t121 = _t105 - 1;
                                      						goto L13;
                                      					}
                                      					L9:
                                      					if(_t121 != 0 && _t121 != _t105) {
                                      						_push(":");
                                      						_push(_v16 - _t103);
                                      						_push(_t103);
                                      						_t73 = E01206B30();
                                      						_t122 = _t122 + 0xc;
                                      						_t103 = _t103 + _t73;
                                      					}
                                      					_t70 = E01206B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
                                      					_t105 = _v8;
                                      					_t122 = _t122 + 0x10;
                                      					L13:
                                      					_t116 = _v24;
                                      					_t103 = _t103 + _t70;
                                      					_t65 = _v12;
                                      					_t121 = _t121 + 1;
                                      				} while (_t121 < _t116);
                                      				if(_t116 < 8) {
                                      					_push( *(_t120 + 0xf) & 0x000000ff);
                                      					_push( *(_t120 + 0xe) & 0x000000ff);
                                      					_push( *(_t120 + 0xd) & 0x000000ff);
                                      					_t103 = _t103 + E01206B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
                                      				}
                                      				return _t103;
                                      			}




























                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: ___swprintf_l
                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                      • API String ID: 48624451-2108815105
                                      • Opcode ID: b9c46aa2054c54777a501754c76e137f725982f5310fb6ab2552edc36e517903
                                      • Instruction ID: 5e30ba8ddc6c99ddb74bebe76f6c78a5f9d8d832b86af751e6df8ece9530b539
                                      • Opcode Fuzzy Hash: b9c46aa2054c54777a501754c76e137f725982f5310fb6ab2552edc36e517903
                                      • Instruction Fuzzy Hash: BD6106B6A10517ABCB19DF9CC8C09BEFBF8BB582407108229F955D36C5E370EE5087A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 63%
                                      			E011B40FD(void* __ecx) {
                                      				signed int _v8;
                                      				char _v548;
                                      				unsigned int _v552;
                                      				unsigned int _v556;
                                      				unsigned int _v560;
                                      				char _v564;
                                      				char _v568;
                                      				void* __ebx;
                                      				void* __edi;
                                      				void* __esi;
                                      				unsigned int _t49;
                                      				signed char _t53;
                                      				unsigned int _t55;
                                      				unsigned int _t56;
                                      				unsigned int _t65;
                                      				unsigned int _t66;
                                      				void* _t68;
                                      				unsigned int _t73;
                                      				unsigned int _t77;
                                      				unsigned int _t85;
                                      				char* _t98;
                                      				unsigned int _t102;
                                      				signed int _t103;
                                      				void* _t105;
                                      				signed int _t107;
                                      				void* _t108;
                                      				void* _t110;
                                      				void* _t111;
                                      				void* _t112;
                                      
                                      				_t45 =  *0x12ad360 ^ _t107;
                                      				_v8 =  *0x12ad360 ^ _t107;
                                      				_t105 = __ecx;
                                      				if( *0x12a84d4 == 0) {
                                      					L5:
                                      					return E011FB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                      				}
                                      				_t85 = 0;
                                      				E011CE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                      				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                      					_t45 = 0;
                                      				} else {
                                      					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                      				}
                                      				if(_t45 == 0) {
                                      					_v552 = _t85;
                                      					_t49 = E011B42EB(_t105);
                                      					__eflags = _t49;
                                      					if(_t49 != 0) {
                                      						L15:
                                      						_t103 = 2;
                                      						_v552 = _t103;
                                      						L10:
                                      						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                      						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                      							_t45 = 1;
                                      						} else {
                                      							_t53 = E011B41EA(_v564);
                                      							asm("sbb al, al");
                                      							_t45 =  ~_t53 + 1;
                                      							__eflags = _t45;
                                      						}
                                      						__eflags = _t45;
                                      						if(_t45 == 0) {
                                      							_t102 = _t103 | 0x00000040;
                                      							_v552 = _t102;
                                      						}
                                      						__eflags = _t102;
                                      						if(_t102 != 0) {
                                      							L33:
                                      							_push(4);
                                      							_push( &_v552);
                                      							_push(0x22);
                                      							_push(0xffffffff);
                                      							_t45 = L011F96C0();
                                      						}
                                      						goto L4;
                                      					}
                                      					_v556 = _t85;
                                      					_t102 =  &_v556;
                                      					_t55 = E011B429E(_t105 + 0x2c, _t102);
                                      					__eflags = _t55;
                                      					if(_t55 >= 0) {
                                      						__eflags = _v556 - _t85;
                                      						if(_v556 == _t85) {
                                      							goto L8;
                                      						}
                                      						_t85 = _t105 + 0x24;
                                      						E01245720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                                      						_v560 = 0x214;
                                      						E011FFA60( &_v548, 0, 0x214);
                                      						_t106 =  *0x12a84d4;
                                      						_t110 = _t108 + 0x20;
                                      						 *0x12ab1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                      						_t65 =  *((intOrPtr*)( *0x12a84d4))();
                                      						__eflags = _t65;
                                      						if(_t65 == 0) {
                                      							goto L8;
                                      						}
                                      						_t66 = _v560;
                                      						__eflags = _t66;
                                      						if(_t66 == 0) {
                                      							goto L8;
                                      						}
                                      						__eflags = _t66 - 0x214;
                                      						if(_t66 >= 0x214) {
                                      							goto L8;
                                      						}
                                      						_t68 = (_t66 >> 1) * 2 - 2;
                                      						__eflags = _t68 - 0x214;
                                      						if(_t68 >= 0x214) {
                                      							E011FB75A();
                                      							goto L33;
                                      						}
                                      						_push(_t85);
                                      						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                      						E01245720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                      						_t111 = _t110 + 0x14;
                                      						_t73 = E01201480( &_v548, L"Execute=1");
                                      						_push(_t85);
                                      						__eflags = _t73;
                                      						if(_t73 == 0) {
                                      							E01245720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                      							_t106 =  &_v548;
                                      							_t98 =  &_v548;
                                      							_t112 = _t111 + 0x14;
                                      							_t77 = _v560 + _t98;
                                      							_v556 = _t77;
                                      							__eflags = _t98 - _t77;
                                      							if(_t98 >= _t77) {
                                      								goto L8;
                                      							} else {
                                      								goto L27;
                                      							}
                                      							do {
                                      								L27:
                                      								_t85 = E01201150(_t106, 0x20);
                                      								__eflags = _t85;
                                      								if(__eflags != 0) {
                                      									__eflags = 0;
                                      									 *_t85 = 0;
                                      								}
                                      								E01245720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                      								_t112 = _t112 + 0x10;
                                      								E01233E13(_t105, _t106, __eflags);
                                      								__eflags = _t85;
                                      								if(_t85 == 0) {
                                      									goto L8;
                                      								}
                                      								_t41 = _t85 + 2; // 0x2
                                      								_t106 = _t41;
                                      								__eflags = _t106 - _v556;
                                      							} while (_t106 < _v556);
                                      							goto L8;
                                      						}
                                      						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                      						_push(3);
                                      						_push(0x55);
                                      						E01245720();
                                      						goto L15;
                                      					}
                                      					L8:
                                      					_t56 = E011B41F7(_t105);
                                      					__eflags = _t56;
                                      					if(_t56 != 0) {
                                      						goto L15;
                                      					}
                                      					_t103 = _v552;
                                      					goto L10;
                                      				} else {
                                      					L4:
                                      					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                      					goto L5;
                                      				}
                                      			}

































                                      Strings
                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 012105AC
                                      • Execute=1, xrefs: 0121057D
                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01210566
                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 012104BF
                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 012105F1
                                      • ExecuteOptions, xrefs: 0121050A
                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0121058F
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                      • API String ID: 0-484625025
                                      • Opcode ID: 0c6e8f8b4472e7021d31c4727048adbf5e12660cd00d857a206cb4d4acb9e8da
                                      • Instruction ID: 7db391a41d6ebcf7f700cd8a92193c2d43fe2675d08656da4435aaf655b13afb
                                      • Opcode Fuzzy Hash: 0c6e8f8b4472e7021d31c4727048adbf5e12660cd00d857a206cb4d4acb9e8da
                                      • Instruction Fuzzy Hash: B3613C35F40219BBEF2CEA55ECC5FF977A8EF24304F0441A9E60697582D770AA418F64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01212953
                                      Strings
                                      • RTL: Resource at %p, xrefs: 0121296B
                                      • RTL: Re-Waiting, xrefs: 01212988
                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 0121295B
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                      • API String ID: 885266447-605551621
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: $$@
                                      • API String ID: 0-1194432280
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0124FDFA
                                      Strings
                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0124FE01
                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0124FE2B
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.697236673.0000000001190000.00000040.00000001.sdmp, Offset: 01190000, based on PE: true
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                      • API String ID: 885266447-3903918235
                                      Uniqueness

                                      Uniqueness Score: -1.00%