Analysis Report DHL_document11022020680908006.exe

Overview

General Information

Sample Name: DHL_document11022020680908006.exe
Analysis ID: 385270
MD5: 68d63479e5a11048e6bc1eaa242f8c7b
SHA1: 8637b7ec04a9ff11b8fc6d99a51f911aaad5a889
SHA256: 0bc287a98874b2ba0b818013c4026180a2e210a65d0800a169dde7ad7725277b
Tags: CHN, DHL, exe, Formbook, geo

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.bendhighswimming.com/crdi/"], "decoy": ["propertyjumpstartwebinar.com", "boc-vip.club", "polestarnyc.com", "travelonlinebiz.com", "bukovynaent.com", "bestfashoin.com", "miniindiastore.com", "wehatebillgates.com", "holmescountyjusticecourt.com", "colectivorenovemosjuntos.com", "houstowarehouse.com", "aocsw.com", "sml-uniform.com", "bandanasaint.com", "petposhdeluxe.com", "ezcscpawq.com", "ladiesoption.club", "refixu.com", "selfwrrrth.com", "rovietry.com", "enaoc.com", "karyolaw.com", "diversitymarketingtx.net", "browsersentenderbanco.net", "samtheshepherd.com", "nash-arbitrazh.com", "gampang-kerja.tech", "ereplacementparrts.com", "eventmidasbuy14.com", "sia-rikvel.com", "top2016.net", "686638.com", "ton.blue", "desktower.net", "dbykq020.com", "stack30.com", "tiendasfotoprix.com", "kylesmaier.com", "ekmantsang.com", "jumlasx.xyz", "qingqingyuyin.com", "cdnsubs.xyz", "maxamoose.com", "huelling.com", "xn--bjrnnstet-z2a8q.online", "betale-posten.com", "lalatendu.info", "nochipmanicure.net", "bichat.website", "washington32reds.com", "centrodesaludcrecer.com", "phihoteldeimedaglioni.com", "kilmalliefarms.com", "icecreamsocialwp.com", "mac-makeup.club", "elzooz.com", "iqomw.com", "bestattorneycle.com", "startonsocial.com", "purensoessentials.com", "therealyolandafay.com", "feildwolf.com", "nativesupps.com", "nbatimeout.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.DHL_document11022020680908006.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
6.2.DHL_document11022020680908006.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
6.2.DHL_document11022020680908006.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook
Multi AV Scanner detection for submitted file
Source: DHL_document11022020680908006.exe, ReversingLabs: Detection: 25%
Yara detected FormBook
Source: Yara match, File source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: DHL_document11022020680908006.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: DHL_document11022020680908006.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wntdll.pdbUGP source: DHL_document11022020680908006.exe, 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: DHL_document11022020680908006.exe
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_011B78E8)
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_011B789F)

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.bendhighswimming.com/crdi/

E-Banking Fraud:

Yara detected FormBook
Source: Yara match, File source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Initial sample is a PE file and has a suspicious name
Source: initial sample, Static PE information: Filename: DHL_document11022020680908006.exe
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_0041A060 NtClose
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_0041A110 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_00419F30 NtCreateFile
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_00419FE0 NtReadFile
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_0041A05A NtClose
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_0041A10C NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_00419FDA NtReadFile
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9860 NtQuerySystemInformation, LdrInitializeThunk
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E96E0 NtFreeVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9660 NtAllocateVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E99A0 NtCreateSection
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E99D0 NtCreateProcessEx
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9910 NtAdjustPrivilegesToken
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9950 NtQueueApcThread
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E98A0 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E98F0 NtReadVirtualMemory
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9820 NtEnumerateKey
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018EB040 NtSuspendThread
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9840 NtDelayExecution
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018EA3B0 NtGetContextThread
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9B00 NtSetValueKey
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9A80 NtOpenDirectoryObject
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9A00 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9A10 NtQuerySection
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9A20 NtResumeThread
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E9A50 NtCreateFile
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E95D0 NtClose
Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Code function: 6_2_018E95F0 NtQueryInformationFile
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019523E36_2_019523E3
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA3096_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0196231B6_2_0196231B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01972B286_2_01972B28
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CAB406_2_018CAB40
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0194CB4F6_2_0194CB4F
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C33606_2_018C3360
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019722AE6_2_019722AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019732A96_2_019732A9
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0196E2C56_2_0196E2C5
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01964AEF6_2_01964AEF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CB2366_2_018CB236
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0195FA2B6_2_0195FA2B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D25816_2_018D2581
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01962D826_2_01962D82
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D65A06_2_018D65A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019725DD6_2_019725DD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018BD5E06_2_018BD5E0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01972D076_2_01972D07
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Code function: String function: 018AB150 appears 88 times
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Code function: String function: 01935720 appears 47 times
            Source: DHL_document11022020680908006.exe, 00000000.00000002.272033610.00000000077C0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameSimpleUI.dll2 vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000000.00000000.231107081.00000000007C6000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameResolveEventHandler.exe> vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000000.00000002.271515431.0000000007150000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameDSASignature.dll" vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000003.00000002.255099385.00000000003A6000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameResolveEventHandler.exe> vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000004.00000000.255948475.0000000000306000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameResolveEventHandler.exe> vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000006.00000002.259562052.0000000000E96000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameResolveEventHandler.exe> vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe, 00000006.00000002.260362622.0000000001B2F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe Binary or memory string: OriginalFilenameResolveEventHandler.exe> vs DHL_document11022020680908006.exe
            Source: DHL_document11022020680908006.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: DHL_document11022020680908006.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engine Classification label: mal100.troj.evad.winEXE@7/1@0/0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL_document11022020680908006.exe.log
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Mutant created: \Sessions\1\BaseNamedObjects\NIuDJQPdpTkCF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: Select * from Clientes WHERE id=@id;;
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
            Source: DHL_document11022020680908006.exe ReversingLabs: Detection: 25%
            Source: unknown Process created: C:\Users\user\Desktop\DHL_document11022020680908006.exe 'C:\Users\user\Desktop\DHL_document11022020680908006.exe'
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process created: C:\Users\user\Desktop\DHL_document11022020680908006.exe C:\Users\user\Desktop\DHL_document11022020680908006.exe
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process created: C:\Users\user\Desktop\DHL_document11022020680908006.exe C:\Users\user\Desktop\DHL_document11022020680908006.exe
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process created: C:\Users\user\Desktop\DHL_document11022020680908006.exe C:\Users\user\Desktop\DHL_document11022020680908006.exe
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: DHL_document11022020680908006.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: DHL_document11022020680908006.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wntdll.pdbUGP source: DHL_document11022020680908006.exe, 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: DHL_document11022020680908006.exe
            Source: initial sample Static PE information: section name: .text entropy: 7.95739583157
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Yara detected AntiVM3
            Source: Yara match File source: 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: DHL_document11022020680908006.exe PID: 240, type: MEMORY
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe RDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Code function: 6_2_00409A90 rdtsc 6_2_00409A90
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe TID: 5292 Thread sleep time: -103301s >= -30000s
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe TID: 5288 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe TID: 2248 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Thread delayed: delay time: 103301
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Thread delayed: delay time: 922337203685477
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: vmware
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: VMWARE
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
            Source: DHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Code function: 6_2_018E9860 NtQuerySystemInformation,LdrInitializeThunk, 6_2_018E9860
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C99BF mov ecx, dword ptr fs:[00000030h]6_2_018C99BF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C99BF mov eax, dword ptr fs:[00000030h]6_2_018C99BF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019269A6 mov eax, dword ptr fs:[00000030h]6_2_019269A6
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B99C7 mov eax, dword ptr fs:[00000030h]6_2_018B99C7
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B99C7 mov eax, dword ptr fs:[00000030h]6_2_018B99C7
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B99C7 mov eax, dword ptr fs:[00000030h]6_2_018B99C7
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B99C7 mov eax, dword ptr fs:[00000030h]6_2_018B99C7
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019619D8 mov eax, dword ptr fs:[00000030h]6_2_019619D8
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A31E0 mov eax, dword ptr fs:[00000030h]6_2_018A31E0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AB1E1 mov eax, dword ptr fs:[00000030h]6_2_018AB1E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AB1E1 mov eax, dword ptr fs:[00000030h]6_2_018AB1E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AB1E1 mov eax, dword ptr fs:[00000030h]6_2_018AB1E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019789E7 mov eax, dword ptr fs:[00000030h]6_2_019789E7
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019341E8 mov eax, dword ptr fs:[00000030h]6_2_019341E8
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A9100 mov eax, dword ptr fs:[00000030h]6_2_018A9100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A9100 mov eax, dword ptr fs:[00000030h]6_2_018A9100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A9100 mov eax, dword ptr fs:[00000030h]6_2_018A9100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B0100 mov eax, dword ptr fs:[00000030h]6_2_018B0100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B0100 mov eax, dword ptr fs:[00000030h]6_2_018B0100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B0100 mov eax, dword ptr fs:[00000030h]6_2_018B0100
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C4120 mov eax, dword ptr fs:[00000030h]6_2_018C4120
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C4120 mov eax, dword ptr fs:[00000030h]6_2_018C4120
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C4120 mov eax, dword ptr fs:[00000030h]6_2_018C4120
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C4120 mov eax, dword ptr fs:[00000030h]6_2_018C4120
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C4120 mov ecx, dword ptr fs:[00000030h]6_2_018C4120
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A3138 mov ecx, dword ptr fs:[00000030h]6_2_018A3138
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D513A mov eax, dword ptr fs:[00000030h]6_2_018D513A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D513A mov eax, dword ptr fs:[00000030h]6_2_018D513A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01961951 mov eax, dword ptr fs:[00000030h]6_2_01961951
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CB944 mov eax, dword ptr fs:[00000030h]6_2_018CB944
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CB944 mov eax, dword ptr fs:[00000030h]6_2_018CB944
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A395E mov eax, dword ptr fs:[00000030h]6_2_018A395E
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A395E mov eax, dword ptr fs:[00000030h]6_2_018A395E
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AC962 mov eax, dword ptr fs:[00000030h]6_2_018AC962
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01978966 mov eax, dword ptr fs:[00000030h]6_2_01978966
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0196E962 mov eax, dword ptr fs:[00000030h]6_2_0196E962
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AB171 mov eax, dword ptr fs:[00000030h]6_2_018AB171
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AB171 mov eax, dword ptr fs:[00000030h]6_2_018AB171
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A9080 mov eax, dword ptr fs:[00000030h]6_2_018A9080
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A3880 mov eax, dword ptr fs:[00000030h]6_2_018A3880
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A3880 mov eax, dword ptr fs:[00000030h]6_2_018A3880
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01923884 mov eax, dword ptr fs:[00000030h]6_2_01923884
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01923884 mov eax, dword ptr fs:[00000030h]6_2_01923884
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018E90AF mov eax, dword ptr fs:[00000030h]6_2_018E90AF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov eax, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov eax, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov eax, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov ecx, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov eax, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28AE mov eax, dword ptr fs:[00000030h]6_2_018B28AE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D20A0 mov eax, dword ptr fs:[00000030h]6_2_018D20A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D78A0 mov eax, dword ptr fs:[00000030h]6_2_018D78A0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018DF0BF mov ecx, dword ptr fs:[00000030h]6_2_018DF0BF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018DF0BF mov eax, dword ptr fs:[00000030h]6_2_018DF0BF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018DF0BF mov eax, dword ptr fs:[00000030h]6_2_018DF0BF
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov eax, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov ecx, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov eax, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov eax, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov eax, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0193B8D0 mov eax, dword ptr fs:[00000030h]6_2_0193B8D0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A70C0 mov eax, dword ptr fs:[00000030h]6_2_018A70C0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A70C0 mov eax, dword ptr fs:[00000030h]6_2_018A70C0
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019618CA mov eax, dword ptr fs:[00000030h]6_2_019618CA
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A58EC mov eax, dword ptr fs:[00000030h]6_2_018A58EC
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CB8E4 mov eax, dword ptr fs:[00000030h]6_2_018CB8E4
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CB8E4 mov eax, dword ptr fs:[00000030h]6_2_018CB8E4
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A40E1 mov eax, dword ptr fs:[00000030h]6_2_018A40E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A40E1 mov eax, dword ptr fs:[00000030h]6_2_018A40E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A40E1 mov eax, dword ptr fs:[00000030h]6_2_018A40E1
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28FD mov eax, dword ptr fs:[00000030h]6_2_018B28FD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28FD mov eax, dword ptr fs:[00000030h]6_2_018B28FD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B28FD mov eax, dword ptr fs:[00000030h]6_2_018B28FD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01974015 mov eax, dword ptr fs:[00000030h]6_2_01974015
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01974015 mov eax, dword ptr fs:[00000030h]6_2_01974015
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01927016 mov eax, dword ptr fs:[00000030h]6_2_01927016
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01927016 mov eax, dword ptr fs:[00000030h]6_2_01927016
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01927016 mov eax, dword ptr fs:[00000030h]6_2_01927016
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A6800 mov eax, dword ptr fs:[00000030h]6_2_018A6800
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A6800 mov eax, dword ptr fs:[00000030h]6_2_018A6800
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A6800 mov eax, dword ptr fs:[00000030h]6_2_018A6800
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D002D mov eax, dword ptr fs:[00000030h]6_2_018D002D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D002D mov eax, dword ptr fs:[00000030h]6_2_018D002D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D002D mov eax, dword ptr fs:[00000030h]6_2_018D002D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D002D mov eax, dword ptr fs:[00000030h]6_2_018D002D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D002D mov eax, dword ptr fs:[00000030h]6_2_018D002D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018BB02A mov eax, dword ptr fs:[00000030h]6_2_018BB02A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018BB02A mov eax, dword ptr fs:[00000030h]6_2_018BB02A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018BB02A mov eax, dword ptr fs:[00000030h]6_2_018BB02A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018BB02A mov eax, dword ptr fs:[00000030h]6_2_018BB02A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D4020 mov edi, dword ptr fs:[00000030h]6_2_018D4020
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA830 mov eax, dword ptr fs:[00000030h]6_2_018CA830
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA830 mov eax, dword ptr fs:[00000030h]6_2_018CA830
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA830 mov eax, dword ptr fs:[00000030h]6_2_018CA830
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA830 mov eax, dword ptr fs:[00000030h]6_2_018CA830
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01961843 mov eax, dword ptr fs:[00000030h]6_2_01961843
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A5050 mov eax, dword ptr fs:[00000030h]6_2_018A5050
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A5050 mov eax, dword ptr fs:[00000030h]6_2_018A5050
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A5050 mov eax, dword ptr fs:[00000030h]6_2_018A5050
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C0050 mov eax, dword ptr fs:[00000030h]6_2_018C0050
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018C0050 mov eax, dword ptr fs:[00000030h]6_2_018C0050
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A7057 mov eax, dword ptr fs:[00000030h]6_2_018A7057
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CF86D mov eax, dword ptr fs:[00000030h]6_2_018CF86D
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01971074 mov eax, dword ptr fs:[00000030h]6_2_01971074
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01962073 mov eax, dword ptr fs:[00000030h]6_2_01962073
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B1B8F mov eax, dword ptr fs:[00000030h]6_2_018B1B8F
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018B1B8F mov eax, dword ptr fs:[00000030h]6_2_018B1B8F
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D138B mov eax, dword ptr fs:[00000030h]6_2_018D138B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D138B mov eax, dword ptr fs:[00000030h]6_2_018D138B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D138B mov eax, dword ptr fs:[00000030h]6_2_018D138B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0195D380 mov ecx, dword ptr fs:[00000030h]6_2_0195D380
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CEB9A mov eax, dword ptr fs:[00000030h]6_2_018CEB9A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CEB9A mov eax, dword ptr fs:[00000030h]6_2_018CEB9A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D2397 mov eax, dword ptr fs:[00000030h]6_2_018D2397
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0196138A mov eax, dword ptr fs:[00000030h]6_2_0196138A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018DB390 mov eax, dword ptr fs:[00000030h]6_2_018DB390
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0194EB8A mov ecx, dword ptr fs:[00000030h]6_2_0194EB8A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0194EB8A mov eax, dword ptr fs:[00000030h]6_2_0194EB8A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0194EB8A mov eax, dword ptr fs:[00000030h]6_2_0194EB8A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0194EB8A mov eax, dword ptr fs:[00000030h]6_2_0194EB8A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A4B94 mov edi, dword ptr fs:[00000030h]6_2_018A4B94
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D4BAD mov eax, dword ptr fs:[00000030h]6_2_018D4BAD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D4BAD mov eax, dword ptr fs:[00000030h]6_2_018D4BAD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D4BAD mov eax, dword ptr fs:[00000030h]6_2_018D4BAD
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01978BB6 mov eax, dword ptr fs:[00000030h]6_2_01978BB6
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01979BBE mov eax, dword ptr fs:[00000030h]6_2_01979BBE
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01975BA5 mov eax, dword ptr fs:[00000030h]6_2_01975BA5
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01961BA8 mov eax, dword ptr fs:[00000030h]6_2_01961BA8
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D53C5 mov eax, dword ptr fs:[00000030h]6_2_018D53C5
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019253CA mov eax, dword ptr fs:[00000030h]6_2_019253CA
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019253CA mov eax, dword ptr fs:[00000030h]6_2_019253CA
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018A1BE9 mov eax, dword ptr fs:[00000030h]6_2_018A1BE9
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CDBE9 mov eax, dword ptr fs:[00000030h]6_2_018CDBE9
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D03E2 mov eax, dword ptr fs:[00000030h]6_2_018D03E2
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019523E3 mov ecx, dword ptr fs:[00000030h]6_2_019523E3
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019523E3 mov ecx, dword ptr fs:[00000030h]6_2_019523E3
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_019523E3 mov eax, dword ptr fs:[00000030h]6_2_019523E3
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018CA309 mov eax, dword ptr fs:[00000030h]6_2_018CA309
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_0196131B mov eax, dword ptr fs:[00000030h]6_2_0196131B
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018ADB40 mov eax, dword ptr fs:[00000030h]6_2_018ADB40
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01978B58 mov eax, dword ptr fs:[00000030h]6_2_01978B58
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018AF358 mov eax, dword ptr fs:[00000030h]6_2_018AF358
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D3B5A mov eax, dword ptr fs:[00000030h]6_2_018D3B5A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D3B5A mov eax, dword ptr fs:[00000030h]6_2_018D3B5A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D3B5A mov eax, dword ptr fs:[00000030h]6_2_018D3B5A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018D3B5A mov eax, dword ptr fs:[00000030h]6_2_018D3B5A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_018ADB60 mov ecx, dword ptr fs:[00000030h]6_2_018ADB60
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01936365 mov eax, dword ptr fs:[00000030h]6_2_01936365
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeCode function: 6_2_01936365 mov eax, dword ptr fs:[00000030h]6_2_01936365
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion:

            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Memory written: C:\Users\user\Desktop\DHL_document11022020680908006.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Process created: C:\Users\user\Desktop\DHL_document11022020680908006.exe C:\Users\user\Desktop\DHL_document11022020680908006.exe
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Users\user\Desktop\DHL_document11022020680908006.exe VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DHL_document11022020680908006.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected FormBook
            Source: Yara match, File source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Remote Access Functionality:

            Yara detected FormBook
            Source: Yara match, File source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 6.2.DHL_document11022020680908006.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 111 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 111 | NTDS | System Information Discovery 112 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact


            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label
            DHL_document11022020680908006.exe | 25% | ReversingLabs | ByteCode-MSIL.Spyware.Noon

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            Source | Detection | Scanner | Label
            6.2.DHL_document11022020680908006.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

            Domains

            No Antivirus matches

            URLs


            Domains and IPs

            Contacted Domains

            No contacted domains info

            Contacted URLs

            Name | Malicious | Antivirus Detection | Reputation
            www.bendhighswimming.com/crdi/ | true | Avira URL Cloud: safe | low

            URLs from Memory and Binaries

                                  http://www.fontbureau.com/designers8DHL_document11022020680908006.exe, 00000000.00000002.270383669.0000000005C50000.00000002.00000001.sdmpfalse
                                    high
                                    http://www.tiro.comlDHL_document11022020680908006.exe, 00000000.00000003.234663283.0000000005B7B000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.fonts.comDHL_document11022020680908006.exe, 00000000.00000003.234241493.0000000005B7B000.00000004.00000001.sdmpfalse
                                      high
                                      http://www.sandoll.co.krDHL_document11022020680908006.exe, 00000000.00000003.235507174.0000000005B69000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.urwpp.deDPleaseDHL_document11022020680908006.exe, 00000000.00000002.270383669.0000000005C50000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.tiro.comhDHL_document11022020680908006.exe, 00000000.00000003.234707922.0000000005B7B000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.zhongyicts.com.cnDHL_document11022020680908006.exe, 00000000.00000002.270383669.0000000005C50000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameDHL_document11022020680908006.exe, 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmpfalse
                                        high
                                        http://www.sakkal.comDHL_document11022020680908006.exe, 00000000.00000002.270383669.0000000005C50000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown

                                        Contacted IPs

                                        No contacted IP infos

                                        General Information

                                        Joe Sandbox Version:31.0.0 Emerald
                                        Analysis ID:385270
                                        Start date:12.04.2021
                                        Start time:09:22:23
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 10m 28s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:DHL_document11022020680908006.exe
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:27
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@7/1@0/0
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 4.4% (good quality ratio 4.3%)
                                        • Quality average: 78.8%
                                        • Quality standard deviation: 26%
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 61
                                        • Number of non-executed functions: 174
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        • Found application associated with file extension: .exe
                                        Warnings:
                                        • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                        Simulations

                                        Behavior and APIs

                                        Time      Type             Description
                                        09:23:25  API Interceptor  1x Sleep call for process: DHL_document11022020680908006.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        No context

                                        Domains

                                        No context

                                        ASN

                                        No context

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL_document11022020680908006.exe.log
                                        Process:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1314
                                        Entropy (8bit):5.350128552078965
                                        Encrypted:false
                                        SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                        MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                        SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                        SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                        SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.93482342995501
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:DHL_document11022020680908006.exe
                                        File size:744448
                                        MD5:68d63479e5a11048e6bc1eaa242f8c7b
                                        SHA1:8637b7ec04a9ff11b8fc6d99a51f911aaad5a889
                                        SHA256:0bc287a98874b2ba0b818013c4026180a2e210a65d0800a169dde7ad7725277b
                                        SHA512:424d57f5c6277e9422625d1b866678f31de6e378bde989e6c1b8de7a08f97946183e6116901402c51a923b1fa34f0ac792d78170cc89dbc75e0275651aa685a9
                                        SSDEEP:12288:sU4W5j63HmMBIV/v5v5apvsNnAFNIRLJVdJX3cWOkJkPrr2Hx1mM8UV3EkrohWW0:N4UV/ap0RaNIRLJVdJXyix1msV0kU4Em
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|.s`.....................L.......-... ...@....@.. ....................................@................................

                                        File Icon

                                        Icon Hash:ec8633512db2d0f1

                                        Static PE Info

                                        General

                                        Entrypoint:0x4b2dbe
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                        Time Stamp:0x6073947C [Mon Apr 12 00:29:48 2021 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:v4.0.30319
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]

                                        Data Directories

                                        Name                                  Virtual Address  Virtual Size  Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT          0xb2d64          0x57          .text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE        0xb6000          0x48b0        .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC       0xb4000          0xc           .reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                        Sections

                                        Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                        .text   0x2000           0xb0dc4       0xb0e00   False     0.957162378534   data       7.95739583157   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                        .reloc  0xb4000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        .rsrc   0xb6000          0x48b0        0x4a00    False     0.367609797297   data       5.84280610658   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                        Resources

                                        Name           RVA      Size    Type                                                                                          Language  Country
                                        RT_ICON        0xb6130  0x4228  dBase III DBT, version number 0, next free block index 40
                                        RT_GROUP_ICON  0xba358  0x14    data
                                        RT_VERSION     0xba36c  0x38e   data
                                        RT_MANIFEST    0xba6fc  0x1b4   XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

                                        Imports

                                        DLL          Import
                                        mscoree.dll  _CorExeMain

                                        Version Infos

                                        Description       Data
                                        Translation       0x0000 0x04b0
                                        LegalCopyright    Copyright 2012
                                        Assembly Version  8.1.1.15
                                        InternalName      ResolveEventHandler.exe
                                        FileVersion       8.1.1.14
                                        CompanyName       Landskip Yard Care
                                        LegalTrademarks   A++
                                        Comments
                                        ProductName       LevelActivator
                                        ProductVersion    8.1.1.14
                                        FileDescription   LevelActivator
                                        OriginalFilename  ResolveEventHandler.exe

                                        Network Behavior

                                        No network behavior found


                                        System Behavior

                                        General

                                        Start time:09:23:16
                                        Start date:12/04/2021
                                        Path:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\Desktop\DHL_document11022020680908006.exe'
                                        Imagebase:0x710000
                                        File size:744448 bytes
                                        MD5 hash:68D63479E5A11048E6BC1EAA242F8C7B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.260561462.0000000003C98000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.259818471.0000000002AF1000.00000004.00000001.sdmp, Author: Joe Security
                                        Reputation:low

                                        General

                                        Start time:09:23:27
                                        Start date:12/04/2021
                                        Path:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Imagebase:0x2f0000
                                        File size:744448 bytes
                                        MD5 hash:68D63479E5A11048E6BC1EAA242F8C7B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Start time:09:23:28
                                        Start date:12/04/2021
                                        Path:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Imagebase:0x250000
                                        File size:744448 bytes
                                        MD5 hash:68D63479E5A11048E6BC1EAA242F8C7B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Start time:09:23:28
                                        Start date:12/04/2021
                                        Path:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\DHL_document11022020680908006.exe
                                        Imagebase:0xde0000
                                        File size:744448 bytes
                                        MD5 hash:68D63479E5A11048E6BC1EAA242F8C7B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:low

                                        Disassembly

                                        Code Analysis


                                          Executed Functions

                                          • Opcode ID: 8911cdf3b0f5021570ce93f256d7460484214e5fcd89e4a2cce34088132a3e96
                                          • Instruction ID: 333f751823f6ac37930dc81755dd7f06d5a076d8494ac4733a0f32629e144161
                                          • Opcode Fuzzy Hash: 8911cdf3b0f5021570ce93f256d7460484214e5fcd89e4a2cce34088132a3e96
                                          • Instruction Fuzzy Hash: 1EB13774E052099BCB08CFAAE5905DEFBF2BF89310F25D126D404AB259D7389A41CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: E1h
                                          • API String ID: 0-541828658
                                          • Opcode ID: 89bd3e666a2ad43a3be81a291fea96f84d4417b06a4ac4704b0dc2ac34b53bd3
                                          • Instruction ID: 9036ff0b18a6a8c003e905a868727053f2140bf098daa02198c827a6954b0881
                                          • Opcode Fuzzy Hash: 89bd3e666a2ad43a3be81a291fea96f84d4417b06a4ac4704b0dc2ac34b53bd3
                                          • Instruction Fuzzy Hash: E6B12470E05209DBCB08CFA9D5C46EEFBB2EF9A310F64952AD006A7254D7349986CF16
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID:
                                          • String ID: 3
                                          • API String ID: 0-1842515611
                                          • Opcode ID: 95d097e0ecf6b28f7290675c018994da25fc8cb1243a47447ac9105d702dbc76
                                          • Instruction ID: dc804ee6d2cd9d42579597e81e9c892b29774a803cb21673efd39c667cb4c473
                                          • Opcode Fuzzy Hash: 95d097e0ecf6b28f7290675c018994da25fc8cb1243a47447ac9105d702dbc76
                                          • Instruction Fuzzy Hash: 51319E70C0A3989FDB1A8BB4D4887EDBFF0AF4A210F1844AAD481B72D2D7784949CB15
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 011B3EAE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID: &7$&7
                                          • API String ID: 963392458-3562174420
                                          • Opcode ID: ad8e3b65fe9efcb408a9ba073657886bc110d736fd1ca08ca9376e27c4feb6df
                                          • Instruction ID: 096ef0a49f45aa0b803c2ab6e8fbf0bf11e638c69ac49f44bccf017d44c46b1c
                                          • Opcode Fuzzy Hash: ad8e3b65fe9efcb408a9ba073657886bc110d736fd1ca08ca9376e27c4feb6df
                                          • Instruction Fuzzy Hash: 8C918A71D14219DFDF14CFA8C8807EEBBB2BF48314F048569E858A7280DB749995CF92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 011B3EAE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID: &7$&7
                                          • API String ID: 963392458-3562174420
                                          • Opcode ID: dd9d37fb135dcb347f8e6d69e02ebeb5ca0137d148ed8eca67d8caaad5fa0e67
                                          • Instruction ID: d6987419e4a160b7452d271a7c2091f9288e631303d6a7aa30e2dec4f734c2cd
                                          • Opcode Fuzzy Hash: dd9d37fb135dcb347f8e6d69e02ebeb5ca0137d148ed8eca67d8caaad5fa0e67
                                          • Instruction Fuzzy Hash: 26918971D14229DFDF14CFA8C8807EEBBB2BF48314F048569E859A7280DB749995CF92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02ABDCAA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID: &7$&7
                                          • API String ID: 716092398-3562174420
                                          • Opcode ID: b64c7d0964fc0301c626e11c868213ca24c8c9a5e9ee7677fb13bf2e236627ca
                                          • Instruction ID: eb33ffec783ea30baaeb28d55053410ccfaac6b5f501a384a77a82570d529c93
                                          • Opcode Fuzzy Hash: b64c7d0964fc0301c626e11c868213ca24c8c9a5e9ee7677fb13bf2e236627ca
                                          • Instruction Fuzzy Hash: 6451E1B4D00709DFDB15CFA9C980ADEBBB5BF49314F24852AE819AB211DB749885CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02ABDCAA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID: &7$&7
                                          • API String ID: 716092398-3562174420
                                          • Opcode ID: 73fd5b87a540f5ceea893cef6c483edc6789a77b65e54eccb575f6d203325712
                                          • Instruction ID: ba248944d7a7b5e55ed10c79c6e621ab96f98ef738486fbaec5e537acfd8be8f
                                          • Opcode Fuzzy Hash: 73fd5b87a540f5ceea893cef6c483edc6789a77b65e54eccb575f6d203325712
                                          • Instruction Fuzzy Hash: 9051E2B4D00709DFDF15CFA9C980ADEBBB5BF49314F24812AE819AB211DB749885CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02ABDCAA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID: &7$&7
                                          • API String ID: 716092398-3562174420
                                          • Opcode ID: 6542d23d9709c0300da5fabbde7b9dd5be359890d7f4f377cff05d51d79008de
                                          • Instruction ID: 83e243f79ed5801ef4959b43a73efe4d0d026cc03c65deccb2dd2caee644e801
                                          • Opcode Fuzzy Hash: 6542d23d9709c0300da5fabbde7b9dd5be359890d7f4f377cff05d51d79008de
                                          • Instruction Fuzzy Hash: E35100B5D00308DFDF15CFA9C980ADEBBB5BF48314F24852AE818AB210DB749885CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02ABBD2E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID: &7
                                          • API String ID: 4139908857-4117696792
                                          • Opcode ID: f6bf83c2cc264fb49ca42079f0e7698ee63f21d744b27adf910b81bcb6075e56
                                          • Instruction ID: 4faaecdc982f26b4077a75501ce2b0124d475095ffe6dd0fb2ef00d63b8ab0de
                                          • Opcode Fuzzy Hash: f6bf83c2cc264fb49ca42079f0e7698ee63f21d744b27adf910b81bcb6075e56
                                          • Instruction Fuzzy Hash: 48714570A00B058FD725DF29D59479ABBF5FF88208F00892ED586DBA41DB34E946CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 011B3A80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID: &7
                                          • API String ID: 3559483778-4117696792
                                          • Opcode ID: ea6363e972ec6f0395c2f4f71acc5036695857a628ce138be9f6cf9fd7159ae5
                                          • Instruction ID: d5bb177f2d9768c25da9e69fd7c3d04dcc5a60dd5a78c0b63b32f172c5ef1c7e
                                          • Opcode Fuzzy Hash: ea6363e972ec6f0395c2f4f71acc5036695857a628ce138be9f6cf9fd7159ae5
                                          • Instruction Fuzzy Hash: FD2126B59043499FCB10CFA9C984BEEBBF5FF48314F10842AE959A7240D7789954CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 011B3A80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID: &7
                                          • API String ID: 3559483778-4117696792
                                          • Opcode ID: 589b43b4ce87ebdfe64fb8e9603eaeebcf0ccb913a0a28fe7bf323cc1053d3eb
                                          • Instruction ID: 32f8d09c8960770fc0e82d3069ab7367b84e6d8dd119a42d52d398063e062197
                                          • Opcode Fuzzy Hash: 589b43b4ce87ebdfe64fb8e9603eaeebcf0ccb913a0a28fe7bf323cc1053d3eb
                                          • Instruction Fuzzy Hash: 772126B59043499FCB10CFA9C984BEEBBF5FF48314F10842AE959A7240D7789954CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 011B3B60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID: &7
                                          • API String ID: 1726664587-4117696792
                                          • Opcode ID: 7fcd2e9f01afc180c50285154ff257b507e1917f75c450c6e5d3e71207fcd9dd
                                          • Instruction ID: 39fbb480f3bf6b4230b5f66f5b989693fb39ca5dffb679bd1d5e2f2d5b5ce815
                                          • Opcode Fuzzy Hash: 7fcd2e9f01afc180c50285154ff257b507e1917f75c450c6e5d3e71207fcd9dd
                                          • Instruction Fuzzy Hash: 762166B19043499FCB00CFA9C980AEEFBF5FF48324F10842EE958A7240C7389954CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02AB6D67
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID: &7
                                          • API String ID: 3793708945-4117696792
                                          • Opcode ID: 344a7c8e883a775cafe7f23006226affa33ace2a94e2c0d3c846c1e903193a76
                                          • Instruction ID: e098f977f56c8ae90356ea630eac2a3d367a97cad7a5ebb35d901e822af086fd
                                          • Opcode Fuzzy Hash: 344a7c8e883a775cafe7f23006226affa33ace2a94e2c0d3c846c1e903193a76
                                          • Instruction Fuzzy Hash: E42103B5901208AFCB10CFAAD584ADEBBF8FB48324F14841AE954A7310C378A945CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • OutputDebugStringW.KERNELBASE(00000000), ref: 011B18B8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: DebugOutputString
                                          • String ID: &7
                                          • API String ID: 1166629820-4117696792
                                          • Opcode ID: 19cd409d38139fb9c4c06403132b2b6f8b5cadbfd3b06d6e69a39c67bdaf25bb
                                          • Instruction ID: 7807f78f7b6d0d284a57212784e8722e0a45beb869d60227b7827c04db009471
                                          • Opcode Fuzzy Hash: 19cd409d38139fb9c4c06403132b2b6f8b5cadbfd3b06d6e69a39c67bdaf25bb
                                          • Instruction Fuzzy Hash: EF2116B5D006199FCB04CF99E584AEEFBF4FB48324F11815AE918A3700D734A950CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 011B34D6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: ContextThread
                                          • String ID: &7
                                          • API String ID: 1591575202-4117696792
                                          • Opcode ID: 0a55e96758ba730232f7bd694f6a8dade957747af20772ca7d9b4aebc846884f
                                          • Instruction ID: 279276982556a19c3c72170a31e4e155557dcef799cbf04e3b7bfe34a85830cc
                                          • Opcode Fuzzy Hash: 0a55e96758ba730232f7bd694f6a8dade957747af20772ca7d9b4aebc846884f
                                          • Instruction Fuzzy Hash: 4F2168759043089FDB14CFAAC5847EEBBF4BF48324F10842AD519A7240DB78A984CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 011B3B60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID: &7
                                          • API String ID: 1726664587-4117696792
                                          • Opcode ID: bc50f8622bd9cb58ee08bb9454e9239b62c17069cfc4d30e89a84dc8b979ce5e
                                          • Instruction ID: 5f9b48a851b2685c18a3ed8d53b233a0c4baf8182c6a18a97b56ee17828db12d
                                          • Opcode Fuzzy Hash: bc50f8622bd9cb58ee08bb9454e9239b62c17069cfc4d30e89a84dc8b979ce5e
                                          • Instruction Fuzzy Hash: CA2128B19043499FCB10CFA9C984AEEFBF5FF48314F10842EE959A7240D7789954DBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 011B34D6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: ContextThread
                                          • String ID: &7
                                          • API String ID: 1591575202-4117696792
                                          • Opcode ID: e28c49d3f892a2e9583de25af00cae163d7c28ab96ebcf8d793d5acc095cdc08
                                          • Instruction ID: 914feff16d3c61a469135013055f0b9f47451ecde2246cd0409d42f215aa7562
                                          • Opcode Fuzzy Hash: e28c49d3f892a2e9583de25af00cae163d7c28ab96ebcf8d793d5acc095cdc08
                                          • Instruction Fuzzy Hash: F22168759043089FDB14CFAAC5847EEBBF4BF48324F10842AD519A7240DB78A944CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02AB6D67
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID: &7
                                          • API String ID: 3793708945-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02ABBDA9,00000800,00000000,00000000), ref: 02ABBFBA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID: &7
                                          • API String ID: 1029625771-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 011B359E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID: &7
                                          • API String ID: 4275171209-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 011B359E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID: &7
                                          • API String ID: 4275171209-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID: &7
                                          • API String ID: 947044025-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • OutputDebugStringW.KERNELBASE(00000000), ref: 011B18B8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: DebugOutputString
                                          • String ID: &7
                                          • API String ID: 1166629820-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID: &7
                                          • API String ID: 947044025-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 011B74A5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID: &7
                                          • API String ID: 410705778-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 02ABBD2E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID: &7
                                          • API String ID: 4139908857-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 011B74A5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID: &7
                                          • API String ID: 410705778-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetWindowLongW.USER32(?,?,?), ref: 02ABDE3D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID: &7
                                          • API String ID: 1378638983-4117696792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          C-Code - Quality: 67%
                                          			E0071869D(intOrPtr* __eax, intOrPtr* __ebx, signed int __ecx, intOrPtr* __edx, void* __edi, intOrPtr* __esi) {
                                          				intOrPtr* _t333;
                                          				intOrPtr* _t335;
                                          				intOrPtr* _t336;
                                          				void* _t338;
                                          				intOrPtr* _t339;
                                          				signed char _t341;
                                          				intOrPtr* _t342;
                                          				signed char _t344;
                                          				intOrPtr* _t345;
                                          				intOrPtr* _t347;
                                          				intOrPtr* _t582;
                                          				intOrPtr* _t584;
                                          				intOrPtr* _t585;
                                          				void* _t588;
                                          				intOrPtr* _t590;
                                          				intOrPtr* _t592;
                                          				intOrPtr* _t593;
                                          				void* _t594;
                                          				intOrPtr* _t596;
                                          				void* _t597;
                                          				signed char _t652;
                                          				signed int* _t721;
                                          				void* _t753;
                                          				intOrPtr* _t763;
                                          				void* _t776;
                                          
                                          				_t763 = __esi;
                                          				_t753 = __edi;
                                          				_push(es);
                                          				asm("outsd");
                                          				 *__edx =  *__edx + __ecx;
                                          				_t721 = __edx +  *__esi;
                                          				 *__ebx =  *__ebx - __ecx;
                                          				 *_t721 =  *_t721 + __ecx;
                                          				_t333 = __eax -  *__eax;
                                          				_t592 = __ebx +  *((intOrPtr*)(__ebx + 0x62));
                                          				 *_t333 =  *_t333 + _t333;
                                          				asm("adc esi, [eax]");
                                          				_t335 = _t333 + 0x2a +  *((intOrPtr*)(_t333 + 0x2a));
                                          				asm("aaa");
                                          				 *_t335 =  *_t335 + _t335;
                                          				 *_t592 =  *_t592 + _t721;
                                          				 *_t335 =  *_t335 + _t335;
                                          				asm("adc [edx], eax");
                                          				 *((char*)(__esi)) =  *((char*)(__esi)) + 1;
                                          				_t336 = _t335 - 0x73060001;
                                          				asm("outsb");
                                          				 *_t336 =  *_t336 + _t336;
                                          				_t652 = __ecx |  *_t721;
                                          				_t593 = _t592 +  *((intOrPtr*)(_t592 + 0x62));
                                          				 *_t336 =  *_t336 + _t336;
                                          				es = ds;
                                          				_t338 = _t336 + 0xb - 7;
                                          				es = 0;
                                          				_push(es);
                                          				asm("outsd");
                                          				if (_t338 >= 0) goto L1;
                                          				 *_t721 =  *_t721 + _t652;
                                          				_t339 = _t338 +  *_t593;
                                          				if(_t339 >= 0) {
                                          					L10:
                                          					_push(ds);
                                          					_t593 = _t593 +  *((intOrPtr*)(_t593 + 0x64));
                                          					 *_t339 =  *_t339 + _t339;
                                          					goto L11;
                                          				} else {
                                          					 *_t339 =  *_t339 + _t339;
                                          					_t339 = _t339 + 2;
                                          					if(_t339 != 0) {
                                          						L11:
                                          						_t341 = _t339 + 0x0000002a &  *_t721;
                                          						 *_t341 =  *_t341 + _t341;
                                          						_t342 = _t341 + 0x2a;
                                          						 *_t342 =  *_t342 + _t342;
                                          						 *_t763 =  *_t763 + _t593;
                                          						_t594 = _t593 +  *((intOrPtr*)(_t593 + 0x65));
                                          						 *_t342 =  *_t342 + _t342;
                                          						_t344 = _t342 + 0x0000002a &  *_t721;
                                          						_t753 = _t753 +  *((intOrPtr*)(_t776 + 0x64)) +  *((intOrPtr*)(_t776 + 0x65));
                                          						 *_t344 =  *_t344 + _t344;
                                          						_t345 = _t344 + 0x2a;
                                          						 *_t345 =  *_t345 + _t345;
                                          						 *_t763 =  *_t763 + _t594;
                                          						 *_t345 =  *_t345 + _t345;
                                          						asm("adc esi, [eax]");
                                          						_t347 = _t345 + 0x2a +  *((intOrPtr*)(_t345 + 0x2a));
                                          						asm("aaa");
                                          						 *_t347 =  *_t347 + _t347;
                                          						 *_t721 =  *_t721 + _t347;
                                          						 *_t652 =  *_t652 + _t721;
                                          						_t596 = _t594 +  *((intOrPtr*)(_t594 + 0x66)) + _t721;
                                          						_push(es);
                                          						goto L12;
                                          					} else {
                                          						 *_t339 =  *_t339 + _t339;
                                          						_pop(es);
                                          						_t584 = _t339 + 0xb - 7;
                                          						_pop(es);
                                          						_push(es);
                                          						asm("outsd");
                                          						if (_t584 == 0) goto L4;
                                          						 *_t721 =  *_t721 + _t652;
                                          						_t585 = _t584 -  *_t584;
                                          						_push(ds);
                                          						_t596 = _t593 +  *((intOrPtr*)(_t593 + 0x63));
                                          						 *_t585 =  *_t585 + _t585;
                                          						asm("adc esi, [eax]");
                                          						_t347 = _t585 + 0x2a +  *((intOrPtr*)(_t585 + 0x2a));
                                          						asm("aaa");
                                          						 *_t347 =  *_t347 + _t347;
                                          						 *_t596 =  *_t596 + _t721;
                                          						 *_t347 =  *_t347 + _t347;
                                          						asm("adc [edx], eax");
                                          						 *((char*)(__esi)) =  *((char*)(__esi)) + 1;
                                          						 *[cs:eax] =  *[cs:eax] + _t347;
                                          						_push(es);
                                          						if( *[cs:eax] >= 0) {
                                          							L12:
                                          							asm("das");
                                          							 *_t347 =  *_t347 + _t347;
                                          							_push(es);
                                          							if( *_t347 < 0) {
                                          								 *_t347 =  *_t347 + _t347;
                                          								_t652 = _t652 |  *_t721;
                                          								_t596 = _t596 +  *((intOrPtr*)(_t596 + 0x66));
                                          								 *_t347 =  *_t347 + _t347;
                                          								goto L14;
                                          							}
                                          						} else {
                                          							 *_t347 =  *_t347 + _t347;
                                          							_t652 = _t652 |  *_t721;
                                          							_t596 = _t596 +  *((intOrPtr*)(_t596 + 0x63));
                                          							 *_t347 =  *_t347 + _t347;
                                          							_pop(es);
                                          							_t588 = _t347 + 0xb - 7;
                                          							_pop(es);
                                          							_push(es);
                                          							asm("outsd");
                                          							if (_t588 >= 0) goto L6;
                                          							 *_t721 =  *_t721 + _t652;
                                          							_t347 = _t588 +  *_t596;
                                          							if(_t347 >= 0) {
                                          								L14:
                                          								 *((intOrPtr*)(_t596 + _t652)) =  *((intOrPtr*)(_t596 + _t652)) + _t347;
                                          								_pop(es);
                                          								_t582 = _t347 - 7;
                                          								goto L15;
                                          							} else {
                                          								 *_t347 =  *_t347 + _t347;
                                          								_t582 = _t347 + 2;
                                          								if(_t582 != 0) {
                                          									L15:
                                          									_pop(es);
                                          									_push(es);
                                          									asm("outsd");
                                          									asm("sbb eax, 0x20a0001");
                                          									_t753 = _t753 +  *((intOrPtr*)(_t776 + 0x66));
                                          									 *_t582 =  *_t582 + _t582;
                                          									_t347 = _t582 + 2;
                                          								} else {
                                          									 *_t582 =  *_t582 + _t582;
                                          									_pop(es);
                                          									_t590 = _t582 + 0xb - 7;
                                          									_pop(es);
                                          									_push(es);
                                          									asm("outsd");
                                          									if (_t590 == 0) goto L9;
                                          									 *_t721 =  *_t721 + _t652;
                                          									_t339 = _t590 -  *_t590;
                                          									goto L10;
                                          								}
                                          							}
                                          						}
                                          					}
                                          				}
                                          				_t597 = _t596 +  *((intOrPtr*)(_t596 + 0x66));
                                          			}





























                                          Memory Dump Source
                                          • Source File: 00000000.00000002.258062961.0000000000712000.00000002.00020000.sdmp, Offset: 00710000, based on PE: true
                                          • Associated: 00000000.00000002.258049373.0000000000710000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.258192192.00000000007C6000.00000002.00020000.sdmp Download File
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.258062961.0000000000712000.00000002.00020000.sdmp, Offset: 00710000, based on PE: true
                                          • Associated: 00000000.00000002.258049373.0000000000710000.00000002.00020000.sdmp Download File
                                          • Associated: 00000000.00000002.258192192.00000000007C6000.00000002.00020000.sdmp Download File
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259718366.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259576099.00000000011B0000.00000040.00000001.sdmp, Offset: 011B0000, based on PE: false
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Executed Functions

                                          APIs
                                          • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: BMA$BMA
                                          • API String ID: 2738559852-2163208940
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 37%
                                          			E00419FE0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                          				void* _t18;
                                          				void* _t27;
                                          				intOrPtr* _t28;
                                          
                                          				_t13 = _a4;
                                          				_t28 = _a4 + 0xc48;
                                          				E0041AB30(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                          				_t6 =  &_a32; // 0x414d42
                                          				_t12 =  &_a8; // 0x414d42
                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                          				return _t18;
                                          			}







                                          APIs
                                          • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: BMA$BMA
                                          • API String ID: 2738559852-2163208940
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E00419F30(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                          				long _t21;
                                          				void* _t31;
                                          
                                          				_t3 = _a4 + 0xc40; // 0xc40
                                          				E0041AB30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                          				return _t21;
                                          			}






                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0041A10C(void* __ebx, void* __edx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                          				void* _v117;
                                          				long _t15;
                                          				void* _t25;
                                          
                                          				_t11 = _a4;
                                          				_t4 = _t11 + 0xc60; // 0xca0
                                          				E0041AB30(_t25, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                          				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                          				return _t15;
                                          			}







                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0041A110(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                          				long _t14;
                                          				void* _t21;
                                          
                                          				_t3 = _a4 + 0xc60; // 0xca0
                                          				E0041AB30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                          				return _t14;
                                          			}






                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 68%
                                          			E0041A05A(intOrPtr _a12, void* _a16, void* _a112) {
                                          				long _t10;
                                          				void* _t14;
                                          
                                          				_pop(es);
                                          				asm("adc edx, [ebp-0x75]");
                                          				_t7 = _a12;
                                          				_t3 = _t7 + 0x10; // 0x300
                                          				_t4 = _t7 + 0xc50; // 0x40a923
                                          				E0041AB30(_t14, _a12, _t4,  *_t3, 0, 0x2c);
                                          				_t10 = NtClose(_a16); // executed
                                          				return _t10;
                                          			}






                                          APIs
                                          • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0041A060(intOrPtr _a4, void* _a8) {
                                          				long _t8;
                                          				void* _t11;
                                          
                                          				_t5 = _a4;
                                          				_t2 = _t5 + 0x10; // 0x300
                                          				_t3 = _t5 + 0xc50; // 0x40a923
                                          				E0041AB30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                          				_t8 = NtClose(_a8); // executed
                                          				return _t8;
                                          			}






                                          APIs
                                          • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 76%
                                          			E0041A232(void* __eax, void* _a4, long _a8, void* _a12, long _a16, long _a20) {
                                          				char _v0;
                                          				void* __esi;
                                          				void* __ebp;
                                          				void* _t14;
                                          				void* _t15;
                                          				void* _t19;
                                          
                                          				_push(ss);
                                          				asm("adc [edi+0x71637609], bl");
                                          				if(__eax > 0x6814) {
                                          					E0041AB30(_t19, __eax, __eax + 0xc70, _t15, 0, 0x34);
                                          					_t14 = RtlAllocateHeap(_a12, _a16, _a20); // executed
                                          					return _t14;
                                          				} else {
                                          					asm("rcl dword [ebp-0x75], 1");
                                          					__ebp = __esp;
                                          					__eax = _v0;
                                          					_t7 = __eax + 0xc74; // 0xc74
                                          					__esi = _t7;
                                          					E0041AB30(__edi, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35) = _a8;
                                          					__eax = RtlFreeHeap(_a4, _a8, _a12); // executed
                                          					__esi = __esi;
                                          					__ebp = __ebp;
                                          					return __eax;
                                          				}
                                          			}










                                          APIs
                                          • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A22D
                                          • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Heap$AllocateFree
                                          • String ID:
                                          • API String ID: 2488874121-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0041A240(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                          				char _t10;
                                          				void* _t15;
                                          
                                          				_t3 = _a4 + 0xc74; // 0xc74
                                          				E0041AB30(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                          				return _t10;
                                          			}






                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0041A200(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                          				void* _t10;
                                          				intOrPtr _t11;
                                          				void* _t15;
                                          
                                          				_t7 = _a4;
                                          				_t11 =  *((intOrPtr*)(_a4 + 0x10));
                                          				E0041AB30(_t15, _t7, _t7 + 0xc70, _t11, 0, 0x34);
                                          				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                          				return _t10;
                                          			}







                                          APIs
                                          • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A22D
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259139360.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Strings
                                          • read from, xrefs: 0195B4AD, 0195B4B2
                                          • a NULL pointer, xrefs: 0195B4E0
                                          • This failed because of error %Ix., xrefs: 0195B446
                                          • <unknown>, xrefs: 0195B27E, 0195B2D1, 0195B350, 0195B399, 0195B417, 0195B48E
                                          • The resource is owned exclusively by thread %p, xrefs: 0195B374
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0195B38F
                                          • *** enter .exr %p for the exception record, xrefs: 0195B4F1
                                          • The instruction at %p tried to %s , xrefs: 0195B4B6
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 0195B48F
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0195B305
                                          • *** then kb to get the faulting stack, xrefs: 0195B51C
                                          • *** Inpage error in %ws:%s, xrefs: 0195B418
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0195B3D6
                                          • The instruction at %p referenced memory at %p., xrefs: 0195B432
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 0195B352
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0195B323
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0195B476
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0195B53F
                                          • Go determine why that thread has not released the critical section., xrefs: 0195B3C5
                                          • The critical section is owned by thread %p., xrefs: 0195B3B9
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0195B314
                                          • The resource is owned shared by %d threads, xrefs: 0195B37E
                                          • *** enter .cxr %p for the context, xrefs: 0195B50D
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0195B39B
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0195B2F3
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0195B484
                                          • an invalid address, %p, xrefs: 0195B4CF
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0195B47D
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0195B2DC
                                          • write to, xrefs: 0195B4A6
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • API String ID: 0-108210295
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 77%
                                          			E018DC9BF(signed int __ecx, signed int __edx, signed int _a4, intOrPtr _a12) {
                                          				signed int _v12;
                                          				char _v552;
                                          				char _v1072;
                                          				char _v1073;
                                          				signed int _v1080;
                                          				signed int _v1084;
                                          				signed short _v1088;
                                          				signed int _v1092;
                                          				signed short _v1094;
                                          				char _v1096;
                                          				char _v1100;
                                          				intOrPtr _v1104;
                                          				signed int _v1108;
                                          				char _v1112;
                                          				char _v1116;
                                          				signed short _v1120;
                                          				char _v1124;
                                          				char* _v1128;
                                          				char _v1132;
                                          				char _v1135;
                                          				char _v1136;
                                          				signed int _v1140;
                                          				char _v1144;
                                          				intOrPtr _v1148;
                                          				short _v1150;
                                          				char _v1152;
                                          				signed int _v1156;
                                          				char* _v1160;
                                          				char _v1164;
                                          				signed int _v1168;
                                          				signed int _v1172;
                                          				intOrPtr _v1176;
                                          				intOrPtr _v1180;
                                          				char _v1184;
                                          				signed int _v1188;
                                          				signed int _v1192;
                                          				intOrPtr _v1196;
                                          				char* _v1200;
                                          				intOrPtr _v1204;
                                          				char _v1208;
                                          				char _v1216;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t166;
                                          				void* _t184;
                                          				signed short _t188;
                                          				char _t199;
                                          				intOrPtr _t200;
                                          				signed int _t205;
                                          				signed int _t207;
                                          				intOrPtr _t218;
                                          				short _t219;
                                          				char _t236;
                                          				char _t242;
                                          				signed int _t253;
                                          				intOrPtr _t258;
                                          				void* _t260;
                                          				signed int _t272;
                                          				void* _t276;
                                          				unsigned int _t277;
                                          				signed short _t279;
                                          				signed int _t280;
                                          				void* _t281;
                                          				void* _t305;
                                          
                                          				_t271 = __edx;
                                          				_v12 =  *0x199d360 ^ _t280;
                                          				_t253 = _a4;
                                          				_v1104 = _a12;
                                          				_t272 = __ecx;
                                          				_v1160 =  &_v1072;
                                          				_v1168 = __ecx;
                                          				_t166 = 0;
                                          				_v1073 = 0;
                                          				_v1084 = 0;
                                          				_t274 = 0;
                                          				_v1156 = 0;
                                          				_v1164 = 0x2080000;
                                          				_v1096 = 0;
                                          				_v1092 = 0;
                                          				_v1112 = 0;
                                          				_v1108 = 0;
                                          				_v1100 = 0;
                                          				if(__ecx == 0) {
                                          					L67:
                                          					_push(_t166);
                                          					_push(_t253);
                                          					_push(_t271);
                                          					_push(_t272);
                                          					L01935720(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
                                          					_t274 = 0xc000000d;
                                          					L21:
                                          					if(_v1073 == 0) {
                                          						L23:
                                          						if(_v1092 != 0) {
                                          							L018AAD30(_v1092);
                                          						}
                                          						L24:
                                          						if(_v1084 != 0) {
                                          							_push(_v1084);
                                          							E018E95D0();
                                          						}
                                          						_t170 = _v1156;
                                          						if(_v1156 != 0) {
                                          							L018C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t170);
                                          						}
                                          						L26:
                                          						return L018EB640(_t274, _t253, _v12 ^ _t280, _t271, _t272, _t274);
                                          					}
                                          					L22:
                                          					_v1144 = _v1100;
                                          					L018DCCC0(4,  &_v1144, _v1104);
                                          					goto L23;
                                          				}
                                          				if(__edx == 0 || _t253 < 1 || _t253 >  *((intOrPtr*)(__ecx + 4))) {
                                          					_t166 =  *((intOrPtr*)(_t272 + 4));
                                          					goto L67;
                                          				} else {
                                          					if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t253 * 4)) != 0) {
                                          						goto L26;
                                          					}
                                          					asm("lfence");
                                          					_t258 =  *((intOrPtr*)(__edx + 0x18));
                                          					_t260 =  *((intOrPtr*)(_t258 + __edx + 0x10)) + __edx;
                                          					_t276 =  *((intOrPtr*)(_t253 * 0x18 +  *((intOrPtr*)(_t258 + __edx + 0xc)) + __edx + 0x10)) + __edx;
                                          					_t181 =  *((intOrPtr*)(_t276 + 0x50));
                                          					if( *((intOrPtr*)(_t276 + 0x50)) > 0xfffe) {
                                          						_push(__edx);
                                          						L01935720(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t181);
                                          						_t274 = 0xc0000106;
                                          						goto L23;
                                          					}
                                          					if(( *(_t276 + 4) & 0x00000010) != 0) {
                                          						_v1080 =  &_v1164;
                                          						_t272 =  *((intOrPtr*)(_t276 + 0x18)) + _t260;
                                          						if(_t272 != 0) {
                                          							_t184 = L018F13D0(_t272, 0x5c);
                                          							if(_t184 != 0) {
                                          								_t188 = 0x00000004 + (_t184 - _t272 >> 0x00000001) * 0x00000002 & 0x0000ffff;
                                          								_v1088 = _t188;
                                          								_t277 = _t188 & 0x0000ffff;
                                          								if(_t188 <= 0x208) {
                                          									_t264 = _v1080;
                                          									L39:
                                          									E018EF3E0( *((intOrPtr*)(_t264 + 4)), _t272, _t277 - 2);
                                          									_t281 = _t281 + 0xc;
                                          									 *((short*)( *((intOrPtr*)(_v1080 + 4)) + (_t277 >> 1) * 2 - 2)) = 0;
                                          									 *_v1080 = _v1088 + 0xfffffffe;
                                          									L18:
                                          									if(_v1084 == 0) {
                                          										if(E018B6A00( *((intOrPtr*)(_v1080 + 4)),  &_v1112, 0,  &_v1184) != 0) {
                                          											_v1156 = _v1108;
                                          											_t199 = _v1184;
                                          											if(_t199 == 0) {
                                          												_t200 = 0;
                                          											} else {
                                          												_v1112 = _t199;
                                          												_v1108 = _v1180;
                                          												_t200 = _v1176;
                                          											}
                                          											_v1192 = _v1192 & 0x00000000;
                                          											_v1188 = _v1188 & 0x00000000;
                                          											_v1204 = _t200;
                                          											_push(0x21);
                                          											_v1200 =  &_v1112;
                                          											_push(3);
                                          											_push( &_v1216);
                                          											_v1208 = 0x18;
                                          											_push( &_v1208);
                                          											_push(0x100020);
                                          											_v1196 = 0x40;
                                          											_push( &_v1084);
                                          											_t205 = E018E9830();
                                          											_t272 = _v1172;
                                          											_t274 = _t205;
                                          											if(_t272 != 0) {
                                          												asm("lock xadd [edi], eax");
                                          												if((_t205 | 0xffffffff) == 0) {
                                          													_push( *((intOrPtr*)(_t272 + 4)));
                                          													E018E95D0();
                                          													L018C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t272);
                                          												}
                                          											}
                                          											if(_t274 >= 0) {
                                          												goto L19;
                                          											} else {
                                          												_push(_t274);
                                          												L01935720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n",  *((intOrPtr*)(_v1080 + 4)));
                                          												goto L21;
                                          											}
                                          										}
                                          										L01935720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n",  *((intOrPtr*)(_v1080 + 4)));
                                          										_t274 = 0xc000003a;
                                          										goto L21;
                                          									}
                                          									L19:
                                          									_t271 = _t253;
                                          									_t207 = L018DCE6C(_v1168, _t253, _v1080,  &_v1084);
                                          									_t274 = _t207;
                                          									if(_t207 < 0) {
                                          										L01935720(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t274);
                                          									} else {
                                          										_t274 = 0;
                                          									}
                                          									goto L21;
                                          								}
                                          								_v1094 = _t188;
                                          								_t218 = E018C3A1C(_t277);
                                          								_v1092 = _t218;
                                          								if(_t218 != 0) {
                                          									_t264 =  &_v1096;
                                          									_v1080 =  &_v1096;
                                          									goto L39;
                                          								}
                                          								_t274 = 0xc0000017;
                                          								goto L24;
                                          							}
                                          							_t274 = 0xc00000e5;
                                          							goto L23;
                                          						}
                                          						_t274 = 0xc00000e5;
                                          						goto L26;
                                          					}
                                          					_v1080 = _v1080 & 0x00000000;
                                          					_t219 =  *((intOrPtr*)(_t276 + 0x50));
                                          					_v1152 = _t219;
                                          					_v1150 = _t219;
                                          					_v1144 = __edx;
                                          					_v1148 =  *((intOrPtr*)(_t276 + 0x54)) + _t260;
                                          					_v1140 = _t253;
                                          					_v1128 =  &_v552;
                                          					_v1136 = 0;
                                          					_v1132 = 0x2160000;
                                          					_v1124 = 0;
                                          					_v1116 = 0;
                                          					_v1120 = 0;
                                          					L018DCCC0(1,  &_v1144, _v1104);
                                          					if(_v1116 != 0) {
                                          						_t274 = 0xc0000120;
                                          						goto L23;
                                          					}
                                          					if(_v1124 != 0) {
                                          						_t271 =  &_v1132;
                                          						_t274 = L018DCF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
                                          						if(_t274 >= 0) {
                                          							_t271 = _t253;
                                          							_t274 = L018DCE6C(_t272, _t253,  &_v1132,  &_v1084);
                                          							if(_t274 < 0) {
                                          								_push(_t274);
                                          								_push(_t253);
                                          								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
                                          								L44:
                                          								_push(0);
                                          								_push(0x33);
                                          								L01935720();
                                          								goto L23;
                                          							}
                                          							_t274 = 0;
                                          							goto L23;
                                          						}
                                          						_push(_t274);
                                          						_push( &_v1132);
                                          						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
                                          						goto L44;
                                          					}
                                          					_t279 = _v1120;
                                          					_t272 = 0;
                                          					_t236 = _v1136;
                                          					_v1100 = _t236;
                                          					_v1088 = _t279;
                                          					_v1073 = 1;
                                          					if(_t279 == 0) {
                                          						L16:
                                          						_t305 = _t272 - _t279;
                                          						L17:
                                          						if(_t305 == 0) {
                                          							L54:
                                          							_push(_t272);
                                          							L01935720(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
                                          							_t274 = 0xc0150004;
                                          							goto L22;
                                          						}
                                          						goto L18;
                                          					} else {
                                          						goto L10;
                                          					}
                                          					while(1) {
                                          						L10:
                                          						_v1144 = _t236;
                                          						_v1128 =  &_v552;
                                          						_v1140 = _t272;
                                          						_v1132 = 0x2160000;
                                          						_v1136 = 0;
                                          						L018DCCC0(2,  &_v1144, _v1104);
                                          						if(_v1136 != 0) {
                                          							break;
                                          						}
                                          						_t242 = _v1132;
                                          						if(_v1135 != 0) {
                                          							if(_t242 == 0) {
                                          								goto L54;
                                          							}
                                          							_t119 = _t272 + 1; // 0x1
                                          							_t279 = _t119;
                                          							_v1088 = _t279;
                                          						}
                                          						if(_t242 == 0) {
                                          							L27:
                                          							_t272 = _t272 + 1;
                                          							if(_t272 >= _t279) {
                                          								goto L17;
                                          							} else {
                                          								_t236 = _v1100;
                                          								continue;
                                          							}
                                          						}
                                          						if(_v1084 != 0) {
                                          							_push(_v1084);
                                          							E018E95D0();
                                          							_v1084 = _v1084 & 0x00000000;
                                          						}
                                          						_t271 =  &_v1132;
                                          						_t274 = L018DCF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
                                          						if(_t274 < 0) {
                                          							if(_t274 != 0xc0150004) {
                                          								_push(_t274);
                                          								_push( &_v1152);
                                          								L01935720(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1132);
                                          								goto L22;
                                          							}
                                          							_t279 = _v1088;
                                          							goto L27;
                                          						} else {
                                          							_t279 = _v1088;
                                          							goto L16;
                                          						}
                                          					}
                                          					_t274 = 0xc0000120;
                                          					goto L22;
                                          				}
                                          			}

                                          Strings
                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0191AA1A
                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 0191AAA0
                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 0191AAC8
                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 0191ABF3
                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 0191A8EC
                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 0191AA11
                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0191AC27
                                          • @, xrefs: 0191ABA3
                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0191AC0A
                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 0191AB0E
                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0191AC2C
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 59%
                                          			E01964AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                          				signed int _v6;
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t189;
                                          				intOrPtr _t191;
                                          				intOrPtr _t210;
                                          				signed int _t225;
                                          				signed char _t231;
                                          				intOrPtr _t232;
                                          				unsigned int _t245;
                                          				intOrPtr _t249;
                                          				intOrPtr _t259;
                                          				signed int _t281;
                                          				signed int _t283;
                                          				intOrPtr _t284;
                                          				signed int _t288;
                                          				signed int* _t294;
                                          				signed int* _t298;
                                          				intOrPtr* _t299;
                                          				intOrPtr* _t300;
                                          				signed int _t307;
                                          				signed int _t309;
                                          				signed short _t312;
                                          				signed short _t315;
                                          				signed int _t317;
                                          				signed int _t320;
                                          				signed int _t322;
                                          				signed int _t326;
                                          				signed int _t327;
                                          				void* _t328;
                                          				signed int _t332;
                                          				signed int _t340;
                                          				signed int _t342;
                                          				signed char _t344;
                                          				signed int* _t345;
                                          				void* _t346;
                                          				signed char _t352;
                                          				signed char _t367;
                                          				signed int _t374;
                                          				intOrPtr* _t378;
                                          				signed int _t380;
                                          				signed int _t385;
                                          				signed char _t390;
                                          				unsigned int _t392;
                                          				signed char _t395;
                                          				unsigned int _t397;
                                          				intOrPtr* _t400;
                                          				signed int _t402;
                                          				signed int _t405;
                                          				intOrPtr* _t406;
                                          				signed int _t407;
                                          				intOrPtr _t412;
                                          				void* _t414;
                                          				signed int _t415;
                                          				signed int _t416;
                                          				signed int _t429;
                                          
                                          				_v16 = _v16 & 0x00000000;
                                          				_t189 = 0;
                                          				_v8 = _v8 & 0;
                                          				_t332 = __edx;
                                          				_v12 = 0;
                                          				_t414 = __ecx;
                                          				_t415 = __edx;
                                          				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                          					L88:
                                          					_t416 = _v16;
                                          					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                          						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                          						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                          							L107:
                                          							return 1;
                                          						}
                                          						_t191 =  *[fs:0x30];
                                          						__eflags =  *(_t191 + 0xc);
                                          						if( *(_t191 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E018AB150();
                                          						} else {
                                          							E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push(_v12);
                                          						_push( *((intOrPtr*)(_t332 + 0x30)));
                                          						_push(_t332);
                                          						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                          						L122:
                                          						E018AB150();
                                          						L119:
                                          						return 0;
                                          					}
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push("HEAP: ");
                                          						E018AB150();
                                          					} else {
                                          						E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push(_t416);
                                          					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                          					_push(_t332);
                                          					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                          					goto L122;
                                          				} else {
                                          					goto L1;
                                          				}
                                          				do {
                                          					L1:
                                          					 *_a16 = _t415;
                                          					if( *(_t414 + 0x4c) != 0) {
                                          						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                          						 *_t415 = _t392;
                                          						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                          						_t424 = _t392 >> 0x18 - _t352;
                                          						if(_t392 >> 0x18 != _t352) {
                                          							_push(_t352);
                                          							E0195FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                          						}
                                          					}
                                          					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                          						_t210 =  *[fs:0x30];
                                          						__eflags =  *(_t210 + 0xc);
                                          						if( *(_t210 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E018AB150();
                                          						} else {
                                          							E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push(_v8 & 0x0000ffff);
                                          						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                          						__eflags = _t340;
                                          						_push(_t340);
                                          						E018AB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                          						L117:
                                          						__eflags =  *(_t414 + 0x4c);
                                          						if( *(_t414 + 0x4c) != 0) {
                                          							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                          							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          							__eflags =  *_t415;
                                          						}
                                          						goto L119;
                                          					}
                                          					_t225 =  *_t415 & 0x0000ffff;
                                          					_t390 =  *(_t415 + 2);
                                          					_t342 = _t225;
                                          					_v8 = _t342;
                                          					_v20 = _t342;
                                          					_v28 = _t225 << 3;
                                          					if((_t390 & 0x00000001) == 0) {
                                          						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                          						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                          						__eflags = _t344 & 0x00000001;
                                          						if((_t344 & 0x00000001) == 0) {
                                          							L66:
                                          							_t345 = _a12;
                                          							 *_a8 =  *_a8 + 1;
                                          							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                          							__eflags =  *_t345;
                                          							L67:
                                          							_t231 =  *(_t415 + 6);
                                          							if(_t231 == 0) {
                                          								_t346 = _t414;
                                          							} else {
                                          								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                          							}
                                          							if(_t346 != _t332) {
                                          								_t232 =  *[fs:0x30];
                                          								__eflags =  *(_t232 + 0xc);
                                          								if( *(_t232 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E018AB150();
                                          								} else {
                                          									E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push( *(_t415 + 6) & 0x000000ff);
                                          								_push(_t415);
                                          								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                          								goto L95;
                                          							} else {
                                          								if( *((char*)(_t415 + 7)) != 3) {
                                          									__eflags =  *(_t414 + 0x4c);
                                          									if( *(_t414 + 0x4c) != 0) {
                                          										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          										__eflags =  *_t415;
                                          									}
                                          									_t415 = _t415 + _v28;
                                          									__eflags = _t415;
                                          									goto L86;
                                          								}
                                          								_t245 =  *(_t415 + 0x1c);
                                          								if(_t245 == 0) {
                                          									_t395 =  *_t415 & 0x0000ffff;
                                          									_v6 = _t395 >> 8;
                                          									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                          									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                          										__eflags =  *(_t414 + 0x4c);
                                          										if( *(_t414 + 0x4c) != 0) {
                                          											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          											__eflags =  *_t415;
                                          										}
                                          										goto L107;
                                          									}
                                          									_t249 =  *[fs:0x30];
                                          									__eflags =  *(_t249 + 0xc);
                                          									if( *(_t249 + 0xc) == 0) {
                                          										_push("HEAP: ");
                                          										E018AB150();
                                          									} else {
                                          										E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          									}
                                          									_push( *((intOrPtr*)(_t332 + 0x28)));
                                          									_push(_t415);
                                          									_push("Heap block at %p is not last block in segment (%p)\n");
                                          									L95:
                                          									E018AB150();
                                          									goto L117;
                                          								}
                                          								_v12 = _v12 + 1;
                                          								_v16 = _v16 + (_t245 >> 0xc);
                                          								if( *(_t414 + 0x4c) != 0) {
                                          									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          								}
                                          								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                          								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                          									L82:
                                          									_v8 = _v8 & 0x00000000;
                                          									goto L86;
                                          								} else {
                                          									if( *(_t414 + 0x4c) != 0) {
                                          										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                          										 *_t415 = _t397;
                                          										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                          										_t442 = _t397 >> 0x18 - _t367;
                                          										if(_t397 >> 0x18 != _t367) {
                                          											_push(_t367);
                                          											E0195FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                          										}
                                          									}
                                          									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                          										_t259 =  *[fs:0x30];
                                          										__eflags =  *(_t259 + 0xc);
                                          										if( *(_t259 + 0xc) == 0) {
                                          											_push("HEAP: ");
                                          											E018AB150();
                                          										} else {
                                          											E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          										}
                                          										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                          										_push(_t415);
                                          										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                          										goto L95;
                                          									} else {
                                          										if( *(_t414 + 0x4c) != 0) {
                                          											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          										}
                                          										goto L82;
                                          									}
                                          								}
                                          							}
                                          						}
                                          						_t281 = _v28 + 0xfffffff0;
                                          						_v24 = _t281;
                                          						__eflags = _t390 & 0x00000002;
                                          						if((_t390 & 0x00000002) != 0) {
                                          							__eflags = _t281 - 4;
                                          							if(_t281 > 4) {
                                          								_t281 = _t281 - 4;
                                          								__eflags = _t281;
                                          								_v24 = _t281;
                                          							}
                                          						}
                                          						__eflags = _t390 & 0x00000008;
                                          						if((_t390 & 0x00000008) == 0) {
                                          							_t102 = _t415 + 0x10; // -8
                                          							_t283 = L018FD540(_t102, _t281, 0xfeeefeee);
                                          							_v20 = _t283;
                                          							__eflags = _t283 - _v24;
                                          							if(_t283 != _v24) {
                                          								_t284 =  *[fs:0x30];
                                          								__eflags =  *(_t284 + 0xc);
                                          								if( *(_t284 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E018AB150();
                                          								} else {
                                          									E018AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_t288 = _v20 + 8 + _t415;
                                          								__eflags = _t288;
                                          								_push(_t288);
                                          								_push(_t415);
                                          								_push("Free Heap block %p modified at %p after it was freed\n");
                                          								goto L95;
                                          							}
                                          							goto L66;
                                          						} else {
                                          							_t374 =  *(_t415 + 8);
                                          							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                          							_v24 = _t374;
                                          							_v28 = _t400;
                                          							_t294 =  *(_t374 + 4);
                                          							__eflags =  *_t400 - _t294;
                                          							if( *_t400 != _t294) {
                                          								L64:
                                          								_push(_t374);
                                          								_push( *_t400);
                                          								_t101 = _t415 + 8; // -16
                                          								E0196A80D(_t414, 0xd, _t101, _t294);
                                          								goto L86;
                                          							}
                                          							_t56 = _t415 + 8; // -16
                                          							__eflags =  *_t400 - _t56;
                                          							_t374 = _v24;
                                          							if( *_t400 != _t56) {
                                          								goto L64;
                                          							}
                                          							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                          							_t402 =  *(_t414 + 0xb4);
                                          							__eflags = _t402;
                                          							if(_t402 == 0) {
                                          								L35:
                                          								_t298 = _v28;
                                          								 *_t298 = _t374;
                                          								 *(_t374 + 4) = _t298;
                                          								__eflags =  *(_t415 + 2) & 0x00000008;
                                          								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                          									L39:
                                          									_t377 =  *_t415 & 0x0000ffff;
                                          									_t299 = _t414 + 0xc0;
                                          									_v28 =  *_t415 & 0x0000ffff;
                                          									 *(_t415 + 2) = 0;
                                          									 *((char*)(_t415 + 7)) = 0;
                                          									__eflags =  *(_t414 + 0xb4);
                                          									if( *(_t414 + 0xb4) == 0) {
                                          										_t378 =  *_t299;
                                          									} else {
                                          										_t378 = E018CE12C(_t414, _t377);
                                          										_t299 = _t414 + 0xc0;
                                          									}
                                          									__eflags = _t299 - _t378;
                                          									if(_t299 == _t378) {
                                          										L51:
                                          										_t300 =  *((intOrPtr*)(_t378 + 4));
                                          										__eflags =  *_t300 - _t378;
                                          										if( *_t300 != _t378) {
                                          											_push(_t378);
                                          											_push( *_t300);
                                          											__eflags = 0;
                                          											E0196A80D(0, 0xd, _t378, 0);
                                          										} else {
                                          											_t87 = _t415 + 8; // -16
                                          											_t406 = _t87;
                                          											 *_t406 = _t378;
                                          											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                          											 *_t300 = _t406;
                                          											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                          										}
                                          										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                          										_t405 =  *(_t414 + 0xb4);
                                          										__eflags = _t405;
                                          										if(_t405 == 0) {
                                          											L61:
                                          											__eflags =  *(_t414 + 0x4c);
                                          											if(__eflags != 0) {
                                          												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          											}
                                          											goto L86;
                                          										} else {
                                          											_t380 =  *_t415 & 0x0000ffff;
                                          											while(1) {
                                          												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                          												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                          													break;
                                          												}
                                          												_t307 =  *_t405;
                                          												__eflags = _t307;
                                          												if(_t307 == 0) {
                                          													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                          													L60:
                                          													_t94 = _t415 + 8; // -16
                                          													L018CE4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                          													goto L61;
                                          												}
                                          												_t405 = _t307;
                                          											}
                                          											_t309 = _t380;
                                          											goto L60;
                                          										}
                                          									} else {
                                          										_t407 =  *(_t414 + 0x4c);
                                          										while(1) {
                                          											__eflags = _t407;
                                          											if(_t407 == 0) {
                                          												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                          											} else {
                                          												_t315 =  *(_t378 - 8);
                                          												_t407 =  *(_t414 + 0x4c);
                                          												__eflags = _t315 & _t407;
                                          												if((_t315 & _t407) != 0) {
                                          													_t315 = _t315 ^  *(_t414 + 0x50);
                                          													__eflags = _t315;
                                          												}
                                          												_t312 = _t315 & 0x0000ffff;
                                          											}
                                          											__eflags = _v28 - (_t312 & 0x0000ffff);
                                          											if(_v28 <= (_t312 & 0x0000ffff)) {
                                          												goto L51;
                                          											}
                                          											_t378 =  *_t378;
                                          											__eflags = _t414 + 0xc0 - _t378;
                                          											if(_t414 + 0xc0 != _t378) {
                                          												continue;
                                          											}
                                          											goto L51;
                                          										}
                                          										goto L51;
                                          									}
                                          								}
                                          								_t317 = E018CA229(_t414, _t415);
                                          								__eflags = _t317;
                                          								if(_t317 != 0) {
                                          									goto L39;
                                          								}
                                          								E018CA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                          								goto L86;
                                          							}
                                          							_t385 =  *_t415 & 0x0000ffff;
                                          							while(1) {
                                          								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                          								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                          									break;
                                          								}
                                          								_t320 =  *_t402;
                                          								__eflags = _t320;
                                          								if(_t320 == 0) {
                                          									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                          									L34:
                                          									_t63 = _t415 + 8; // -16
                                          									L018CBC04(_t414, _t402, 1, _t63, _t322, _t385);
                                          									_t374 = _v24;
                                          									goto L35;
                                          								}
                                          								_t402 = _t320;
                                          							}
                                          							_t322 = _t385;
                                          							goto L34;
                                          						}
                                          					}
                                          					if(_a20 == 0) {
                                          						L18:
                                          						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                          							goto L67;
                                          						}
                                          						if(E019523E3(_t414, _t415) == 0) {
                                          							goto L117;
                                          						}
                                          						goto L67;
                                          					} else {
                                          						if((_t390 & 0x00000002) == 0) {
                                          							_t326 =  *(_t415 + 3) & 0x000000ff;
                                          						} else {
                                          							_t328 = L018A1F5B(_t415);
                                          							_t342 = _v20;
                                          							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                          						}
                                          						_t429 = _t326;
                                          						if(_t429 == 0) {
                                          							goto L18;
                                          						}
                                          						if(_t429 >= 0) {
                                          							__eflags = _t326 & 0x00000800;
                                          							if(__eflags != 0) {
                                          								goto L18;
                                          							}
                                          							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                          							if(__eflags >= 0) {
                                          								goto L18;
                                          							}
                                          							_t412 = _a20;
                                          							_t327 = _t326 & 0x0000ffff;
                                          							L17:
                                          							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                          							goto L18;
                                          						}
                                          						_t327 = _t326 & 0x00007fff;
                                          						if(_t327 >= 0x81) {
                                          							goto L18;
                                          						}
                                          						_t412 = _a24;
                                          						goto L17;
                                          					}
                                          					L86:
                                          				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                          				_t189 = _v12;
                                          				goto L88;
                                          			}

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                          • API String ID: 0-3591852110
                                          • Opcode ID: 90db6c36ea8574d93dd2520fa71bc92dda1734382a10408bf32a65c214e8ce66
                                          • Instruction ID: 3a9e551f9c9aa464cb7c3ede09d52689d14c70909426bdceaee7bbf6f31c6c0d
                                          • Opcode Fuzzy Hash: 90db6c36ea8574d93dd2520fa71bc92dda1734382a10408bf32a65c214e8ce66
                                          • Instruction Fuzzy Hash: 9212D130600642DFEB25DFA9C494BBABBF9FF44711F148459E58A8B741D738E980CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
                                          • API String ID: 0-2515562510
                                          • Opcode ID: 95a8528b4c979a639530da2f349f2091d2db35ea0d7685a3b5ccd1061711d388
                                          • Instruction ID: 676627e8a918f6de2afe397bb278370134d30e195e6d32be16912da48b89a352
                                          • Opcode Fuzzy Hash: 95a8528b4c979a639530da2f349f2091d2db35ea0d7685a3b5ccd1061711d388
                                          • Instruction Fuzzy Hash: CD922571E0432DCFEB25CF98C880BAEBBB5BF45308F148299D959EB245D7349A81CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-523794902
                                          • Opcode ID: 637f3abc7ad9a48fc86a5ff428ca963fdc9cdb69db18bf224c793f777b1b056f
                                          • Instruction ID: 68067900ad060fcf4522be20a549a28f74e48269e7a28aaf414f5497fd593c27
                                          • Opcode Fuzzy Hash: 637f3abc7ad9a48fc86a5ff428ca963fdc9cdb69db18bf224c793f777b1b056f
                                          • Instruction Fuzzy Hash: 7A42EE306087899FD719DF38C484A2ABBE5FF88B04F14496DE58ACB351E734DA81CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                          • API String ID: 0-1745908468
                                          • Opcode ID: 7a12bdb242d7528f0f72af0263ce7e29ce574bbb8072dae1b917f0ccee52e919
                                          • Instruction ID: 7fb27c877baed57180af8f05f698d2daa9e7fa96055869419ed5c16c7e05a75a
                                          • Opcode Fuzzy Hash: 7a12bdb242d7528f0f72af0263ce7e29ce574bbb8072dae1b917f0ccee52e919
                                          • Instruction Fuzzy Hash: C19122305106419FDB26DFACC450AADBBFAFF58710F18802DE54E9B392C736AA41CB21
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                          • API String ID: 0-188067316
                                          • Opcode ID: e031a73b0e85896d350bfc6a6a4dd4629c79c862247c825ce0c51727873505f1
                                          • Instruction ID: 812f1f3467ccf39a8376c60a6abdfdc7becf1e790d8a82abfe46545d4d7c800b
                                          • Opcode Fuzzy Hash: e031a73b0e85896d350bfc6a6a4dd4629c79c862247c825ce0c51727873505f1
                                          • Instruction Fuzzy Hash: D0014C321046419FF226A76DE48EF5277A8DB00F71F2E403DF00DC7781EAE8A980C215
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • HEAP: , xrefs: 019122E6, 019123F6
                                          • HEAP[%wZ]: , xrefs: 019122D7, 019123E7
                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 019122F3
                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01912403
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                          • API String ID: 0-1657114761
                                          • Opcode ID: 1a027c35e13166a7b80c9017c264478a18cab1647076243a878d2d10c544aad7
                                          • Instruction ID: a56256f02676db57c39b71b47713654899750b221b90f548eda03f12820ddb94
                                          • Opcode Fuzzy Hash: 1a027c35e13166a7b80c9017c264478a18cab1647076243a878d2d10c544aad7
                                          • Instruction Fuzzy Hash: 3BD1AB34A0060A8FDB19CF6CC490BAABBF1EF48B04F14856DD95ADB346E334EA45CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                          • API String ID: 2994545307-2586055223
                                          • Opcode ID: 7a530ec3f27f2810ed1ec9343070626a5d5c6edd025e249d21066050bb516706
                                          • Instruction ID: 01d0a7a8a69c586f0c63e458b8ebbf9fce0f24015972dfa7416e92e58db8aa2e
                                          • Opcode Fuzzy Hash: 7a530ec3f27f2810ed1ec9343070626a5d5c6edd025e249d21066050bb516706
                                          • Instruction Fuzzy Hash: C7512672205699AFE312EB6CC844F2777E9FF80B54F080568F659CB291E734DA40CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                          • API String ID: 2994545307-336120773
                                          • Opcode ID: 22f0e0b137cc718eb50c0f6589f758b634f43194993444038cc787c79654622c
                                          • Instruction ID: 413b92df0b017f855944a174f603c117cf825864c53dadbbc8fb86441e05ffe3
                                          • Opcode Fuzzy Hash: 22f0e0b137cc718eb50c0f6589f758b634f43194993444038cc787c79654622c
                                          • Instruction Fuzzy Hash: 35312131200501FFE721DBDDC889F6AB7EDEF00B21F244569F609CB241EA70AA40CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                          • API String ID: 0-4256168463
                                          • Opcode ID: 9223b0f6a6e55e038b3400dd7f772fa138621bdcc35289554e717e4cf2a8b03b
                                          • Instruction ID: 7cbfb91e5b2ab31aab3d0305c065a8e1107b15268637e6c3326f75a2b1b53d3d
                                          • Opcode Fuzzy Hash: 9223b0f6a6e55e038b3400dd7f772fa138621bdcc35289554e717e4cf2a8b03b
                                          • Instruction Fuzzy Hash: 450149321106009FDB21EBAD8484F9677ECFF41B20F148455E40EDB341DA74EB40C671
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                          • API String ID: 0-3178619729
                                          • Opcode ID: 97b191e59089f84e20f5c83a7d08a969c42546d52b2f3bc19568b628091efb3c
                                          • Instruction ID: 1d18ba62c6c7f109556ad70b40ca6ceb8203a0923c618b22f61bafd34e1343c0
                                          • Opcode Fuzzy Hash: 97b191e59089f84e20f5c83a7d08a969c42546d52b2f3bc19568b628091efb3c
                                          • Instruction Fuzzy Hash: 25220470A0064AAFEB15DF2CC484B7ABBB9EF44704F1485ADE94ACB346E735D980CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: FilterFullPath$UseFilter$\??\
                                          • API String ID: 0-2779062949
                                          • Opcode ID: 7ee62275c515fff993eab0c7a515e2c1f2dee497833676f0f0371d6b8e53ab68
                                          • Instruction ID: 6b2934360c4cd9d0921b60d7e3b73f1b668148e2233b3d39f8b27aafe0dd6b11
                                          • Opcode Fuzzy Hash: 7ee62275c515fff993eab0c7a515e2c1f2dee497833676f0f0371d6b8e53ab68
                                          • Instruction Fuzzy Hash: E6A149719116299FDB32DB68CC88BAAB7B8EB45705F1001EAEA0CE7250D7359F84CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • HEAP: , xrefs: 0195255C
                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0195256F
                                          • HEAP[%wZ]: , xrefs: 0195254F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                          • API String ID: 0-3815128232
                                          • Opcode ID: c9cb6e9818f81cb8426d938acb480562b390f513a5371478ef09dc801befcc90
                                          • Instruction ID: 298392e03407132921022607341b1632fe87c5b711cc5eca15f9ddb5f7904a5c
                                          • Opcode Fuzzy Hash: c9cb6e9818f81cb8426d938acb480562b390f513a5371478ef09dc801befcc90
                                          • Instruction Fuzzy Hash: E451E135204250CAE3B4CF2EC884B727FF5EB48B46F544C59EDCA9B285D229E847DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 019142BA
                                          • HEAP: , xrefs: 019142AF
                                          • HEAP[%wZ]: , xrefs: 019142A2
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                          • API String ID: 0-1596344177
                                          • Opcode ID: 19dd83f24e4f0f2f6891d2ca7d6f60ea492e60b4cc724c633971ce126ca6b77f
                                          • Instruction ID: b869884817060d5f1bc41c40edd919087e11f7ae3c5e1609a635f17fb30c4ecf
                                          • Opcode Fuzzy Hash: 19dd83f24e4f0f2f6891d2ca7d6f60ea492e60b4cc724c633971ce126ca6b77f
                                          • Instruction Fuzzy Hash: DB51DE31A10519DFDB18DF58C484A69BBB5FF88714F1581A8E809EB342D730EA82CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          • Opcode ID: af50f45457ca0b2a3025e5fe12a66b24631d6793d4195fb2b5bce430ab324284
                                          • Instruction ID: bdc991316ed57102159d9fc3e2a6b4757f5c57207825783ce10d80fe43b3264a
                                          • Opcode Fuzzy Hash: af50f45457ca0b2a3025e5fe12a66b24631d6793d4195fb2b5bce430ab324284
                                          • Instruction Fuzzy Hash: 5D1126313049068FE729EB1DC482B76B7A5EF40FA0F28816DE00ACB341E634DA84C742
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • LdrResFallbackLangList Exit, xrefs: 018B9A04
                                          • LdrResFallbackLangList Enter, xrefs: 018B99F2
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                          • API String ID: 0-1720564570
                                          • Opcode ID: 222835b1ee37e8d25648a23a470ea640d4def53ce6ce6f4d4e900a4ee8c02544
                                          • Instruction ID: a985019b6e030e2d26acfec61c92b8bf18fcb4b66f7a3191f172d554e6ecdf26
                                          • Opcode Fuzzy Hash: 222835b1ee37e8d25648a23a470ea640d4def53ce6ce6f4d4e900a4ee8c02544
                                          • Instruction Fuzzy Hash: D5B1A0B1A0838ACFD715CF18C480BAAB7E5BF85748F044969FA89D7391D734DA44C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: 05a0ef49e351ec00b14749104c456ab793b287ac930d649e7772d83533a56e01
                                          • Instruction ID: 8e7f72b2eded0d828e376028fa80cd307655aa00d25bf05f63fba69a90a2ae1b
                                          • Opcode Fuzzy Hash: 05a0ef49e351ec00b14749104c456ab793b287ac930d649e7772d83533a56e01
                                          • Instruction Fuzzy Hash: 10516C71A00619DFEB25DFA8C980AEDBBF8FF48700F15442DE649EB295D6719A40CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 018B61CE
                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 018B61DD
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                          • API String ID: 0-2876891731
                                          • Opcode ID: ea26017a88972f720a2e829c4f5c4139fc638c932fa36100a02e213b3647545b
                                          • Instruction ID: 351c694337453c8004ebf0c3bb232dba32b14e5ff9cdf13d831fa81b376a99cb
                                          • Opcode Fuzzy Hash: ea26017a88972f720a2e829c4f5c4139fc638c932fa36100a02e213b3647545b
                                          • Instruction Fuzzy Hash: 0F41D271A00245DFEB12DFA9C884BAA7BB5FF85704F244069EA08DB391F635DA00CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 2f33b3e8ffbb85580ab14b1b4c1202ce3f3b6f8648e44e75061f756f4d09c3e7
                                          • Instruction ID: 4cbba16a09d0756d3accb09bc3220aad25af70e1fface6d01ae53b03af5500c6
                                          • Opcode Fuzzy Hash: 2f33b3e8ffbb85580ab14b1b4c1202ce3f3b6f8648e44e75061f756f4d09c3e7
                                          • Instruction Fuzzy Hash: AA32F6746046529BE729CF2DC090F72BBE5BF45306F08899AD9CE8F286D339E455CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018CB9A5
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID:
                                          • API String ID: 885266447-0
                                          • Opcode ID: 5ba3661f4686acaf8ebfa6062929cdefa43c4a19f5794a39bfbd82aa2404724b
                                          • Instruction ID: 434344718e66b44bbfcc8563a752f95730815ae3528936d1e646ddb21e9776eb
                                          • Opcode Fuzzy Hash: 5ba3661f4686acaf8ebfa6062929cdefa43c4a19f5794a39bfbd82aa2404724b
                                          • Instruction Fuzzy Hash: DB516871A09B45CFC720CF6CC08192ABBE5FB88B84F14896EE685C7345D731EA44CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: PATH
                                          • API String ID: 0-1036084923
                                          • Opcode ID: 5759f8eaa8fea9ed9140f5377a56f2b00a6e29723e5d1767c6a90dda59b555c1
                                          • Instruction ID: 1c3577e5f2eeb7786574d5b17c86dfec1f13e57d5937a92282c527cb21a0c47a
                                          • Opcode Fuzzy Hash: 5759f8eaa8fea9ed9140f5377a56f2b00a6e29723e5d1767c6a90dda59b555c1
                                          • Instruction Fuzzy Hash: A5C1AF71E00319EBDB25DF9DD880BAEBBB6FF89750F054029E505EB250D734AA41CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0191BE0F
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                          • API String ID: 0-865735534
                                          • Opcode ID: 650ae4f6ab9e0b0fa25a26d788f46fffa9bc2079f21b638ce8b9afcbb052f096
                                          • Instruction ID: 33a57fa41b9312798ed2404911e4300a2e5c892a325db18af45379dcd371634e
                                          • Opcode Fuzzy Hash: 650ae4f6ab9e0b0fa25a26d788f46fffa9bc2079f21b638ce8b9afcbb052f096
                                          • Instruction Fuzzy Hash: A2A12671B0071A8BEB25DB6CC4507BAB7B5AF48724F04456DEA0BCB784DB34DA42DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Re-Waiting
                                          • API String ID: 0-316354757
                                          • Opcode ID: 402ae1e9da5fae93d855aecb895cf5e50faeef620606c181558312deca8a9782
                                          • Instruction ID: 25fd3906a587b1823d0c74259b7f114236b37f7607742814b8be935583854350
                                          • Opcode Fuzzy Hash: 402ae1e9da5fae93d855aecb895cf5e50faeef620606c181558312deca8a9782
                                          • Instruction Fuzzy Hash: EF612472A00649AFEB32DB6CC840B7EBBA2EB44718F140269E715D72C2D7749F408791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction ID: 97962ef79a19b39e78efe72465430549c81374c2e8f65c583495ac8cfd021135
                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction Fuzzy Hash: 4A516B725047159BC321DF29C840A67BBF9FF48714F00892DFA96C7650E7B4EA44CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction ID: b93954e813bfdc756735f74314c43ef90a2179d257d82af01890ce23f4cd2bd1
                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction Fuzzy Hash: 1231D3726043466BE710DE28CD45F977BD9BFC5754F184229FA58EB280D670E904CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018D40E8
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                          • API String ID: 0-996340685
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • Critical error detected %lx, xrefs: 01958E21
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Critical error detected %lx
                                          • API String ID: 0-802127002
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fffc97c0201d401cf09a1480ae1a21276cf219834ab3624fbef733f0439e0546
                                          • Instruction ID: 75fa50d4c5fe0cd8f513ebd3f70a3f527f88ce679ba893a4abda3ac569e7e790
                                          • Opcode Fuzzy Hash: fffc97c0201d401cf09a1480ae1a21276cf219834ab3624fbef733f0439e0546
                                          • Instruction Fuzzy Hash: B441BC71A0021AAFFF219FACC840BEEB7B6BF58B14F24011DE644E7251DB74DA448B52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                          • Instruction ID: 33db7136518d7f282ec643075f09f9e732876745269ae1d3e1774fc73709ca05
                                          • Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                                          • Instruction Fuzzy Hash: 0B41AF36A00105FBDB25DF6CCC54BAF7B7AEF84B11F198068EA0A9B250D675DE01C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                          • Instruction ID: 043b1f83e98fd52d186d63fc8833005bb9cbf29a041edb3b954689c419811fc2
                                          • Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                                          • Instruction Fuzzy Hash: F2414D71A00609EFEB24CF99C984AAABBF8FF08714F50456DE556D7690E330EB45CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee07d4a5f1d059c92e26c3e6e865ade835cb00b05934261f819d03982f4db3df
                                          • Instruction ID: b4f2d8802a4f1f5af6ec05aedf92d4165f6ae5fd09345aec82b8c7fd02b9a59b
                                          • Opcode Fuzzy Hash: ee07d4a5f1d059c92e26c3e6e865ade835cb00b05934261f819d03982f4db3df
                                          • Instruction Fuzzy Hash: BD41AA31948609CFDF66DF6CC8807EA7BB9BF15358F140119E425AB392D3309A90CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction ID: ec3942e6d6ea90ea2b630c4cd0cb87e99fb8c349a70154a85187e60b46f795b0
                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction Fuzzy Hash: 3F31C032F002496BEB158A7ACC45BAFFBAFEF84651F058469E909B7291DA74DD00C660
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60ceef6cfdd6e1485bf95ce05834a43aeeae38d8aed449b3b29e6fe7f7f2241d
                                          • Instruction ID: 9ef6435f5da4ca7a42e180d676c44f3efe7b5399640f6ef629e4cc0f32e39939
                                          • Opcode Fuzzy Hash: 60ceef6cfdd6e1485bf95ce05834a43aeeae38d8aed449b3b29e6fe7f7f2241d
                                          • Instruction Fuzzy Hash: 7E415CB4A0022D9BDB24DF29C8C8AEAB7B8EB55300F1041E9D919D7352E7709F84CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction ID: a9f1d24c4f4672aaa983de40b8d6b8e013be26c05f64f6cb8f0be82a57ff6234
                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction Fuzzy Hash: CD31D2323006416FD3229B6CDC64F6ABFAEEBC5B91F184458E54A8B342DA74EC41C770
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction ID: 53741d3b500c85bbed5a3fbc24fae00397466f54ebf96e8184c3af36b7209317
                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction Fuzzy Hash: 2131B2766047069BC719DF28C880A6BB7AEFFC0710F04492DF55A87785EE34E909CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c8ae3a78aabfddffeb93a633507555afd972f59a9b070784b0a74791f4a85d2
                                          • Instruction ID: 9a7defb05f2717e62f4f49e8015ee93b7f9b31105c82510ab025b22a144d8ffe
                                          • Opcode Fuzzy Hash: 9c8ae3a78aabfddffeb93a633507555afd972f59a9b070784b0a74791f4a85d2
                                          • Instruction Fuzzy Hash: AD418DB1D00219AFDB24DFA9D940BFEBBF8EF48714F14812AE919E3244DB709A05CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69c07d9eb2cb9fe67b4ffb0fbf2ac6581fe6294e4ed33d98a37d27c8eb6263aa
                                          • Instruction ID: 9a0835e50692981ef42da4e82b3a40fe0c0fbd1c7d457b4e8df7a24b52a2556b
                                          • Opcode Fuzzy Hash: 69c07d9eb2cb9fe67b4ffb0fbf2ac6581fe6294e4ed33d98a37d27c8eb6263aa
                                          • Instruction Fuzzy Hash: C0315931651B05EFD7279B1CC880F6A7BA9FF207A1F144A19F41D8B1D0DB70EA40CAA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction ID: a0b256233c188ebbb22ea2075d6bba60bdef7b6ab7ced5f36fc0f0a016bce2c8
                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction Fuzzy Hash: F931F272A0198BAAD705EBB8C880BE9FB59BF52704F14415ED51CC7301DB34AB59CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de5e8a34ace43c703e2e0d687259f5d11248e96caacfee846bb05c8f50dbfbfe
                                          • Instruction ID: cb5bae21e4a9eed6dcad05abc15038aa6591c260863a1dc1f7cc1f3218613497
                                          • Opcode Fuzzy Hash: de5e8a34ace43c703e2e0d687259f5d11248e96caacfee846bb05c8f50dbfbfe
                                          • Instruction Fuzzy Hash: 6031E6726087519BC324DF6CC840A6AB7E9BFD8700F044A2DF99997695E730E904CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0284c59105a26dbdc886ac96e816dfb25a5d1ef2f60f23ae07a3012578208195
                                          • Instruction ID: a04dd3319c18fb6ac519cf1b32f88fc6f32cb87004ada04bfdbd5f3b6006ca02
                                          • Opcode Fuzzy Hash: 0284c59105a26dbdc886ac96e816dfb25a5d1ef2f60f23ae07a3012578208195
                                          • Instruction Fuzzy Hash: A741FF70A0474A8FDB229BBC84407EEBBF2AF11304F14052EC09AE7341DB305A85C7AA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2536564333b03987d54dabdf1ebcbd6a9329fb4f6d8f213a2549498da62c6dd7
                                          • Instruction ID: 03ae908b9d694baceee990111740acb953559ef1ddaf59659aa06d159ff13a36
                                          • Opcode Fuzzy Hash: 2536564333b03987d54dabdf1ebcbd6a9329fb4f6d8f213a2549498da62c6dd7
                                          • Instruction Fuzzy Hash: AA318132E01219AFEB21DFADC840AAEBBF8FB49750F154529EA55E7250D6709F00CBD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7554b6bb7f0df8704b0a2b9a3d91bda985061e0e289fbb1b656d8c8023f5a59d
                                          • Instruction ID: 150314d9ec9a38dc4a41b8dc19d5b62603259714445f11e8ffac69744221ec8e
                                          • Opcode Fuzzy Hash: 7554b6bb7f0df8704b0a2b9a3d91bda985061e0e289fbb1b656d8c8023f5a59d
                                          • Instruction Fuzzy Hash: 7E31F431A40616EBDB269B9DC850B6FBBFDEF45750F110069E509EB341DA71DE008BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 583168bc37dde1d3625fd6d3dc96cf79c2a713b90dcdfdd61bc3cecbb1b08741
                                          • Instruction ID: 0076a7f4d2b6ad5397fcf61f7a63748b007b8036aeac8b1d03dcca3aee9decfc
                                          • Opcode Fuzzy Hash: 583168bc37dde1d3625fd6d3dc96cf79c2a713b90dcdfdd61bc3cecbb1b08741
                                          • Instruction Fuzzy Hash: CA31AE726057068FE724DF5DC800B2ABBE4FB88B40F14496DE998D7355E770D944CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5226c4774bd8237fa02255508ce471d987764cf1f61f86122cdd6e64648144a6
                                          • Instruction ID: b4e5fd6feab4809d8c80a3ac41df40e9db7a3bfb977057d8fb31d9ca925a344b
                                          • Opcode Fuzzy Hash: 5226c4774bd8237fa02255508ce471d987764cf1f61f86122cdd6e64648144a6
                                          • Instruction Fuzzy Hash: ED31B471A0021AABDF15AF69CD81ABFB7F9EF04700B414069FA05D7294E774AA11CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecb9e474e35dba9b3f36c27b35c95874c35e7213aac7ec989688ce78bb16dbb0
                                          • Instruction ID: ec6561bcc2f4b637cd46168b49f7676cf9651b2eb143f231f0ce23ab032aefc6
                                          • Opcode Fuzzy Hash: ecb9e474e35dba9b3f36c27b35c95874c35e7213aac7ec989688ce78bb16dbb0
                                          • Instruction Fuzzy Hash: 393134322056099BCB219F5DC988B2ABBE5FFC6B24F01041DE51ACB245CB70DA00CBC6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18e3f055d352030d3cf81a29b6972c27aed7ffcdb929c07ebd35eb0265c7e555
                                          • Instruction ID: e244a11d85532d3a1d3e1a24d1ef8165de6fd2a05eb71ddcb1b7ff5b8e5430cd
                                          • Opcode Fuzzy Hash: 18e3f055d352030d3cf81a29b6972c27aed7ffcdb929c07ebd35eb0265c7e555
                                          • Instruction Fuzzy Hash: AC31A471E09A45DFEB22DB6CC0487ADBBF5BB89318F58814DC518E7241C339BA80C752
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction ID: 23dd73d98c8631ef6229564895c0e907310ff561f08b8a77e8c5427bf694bc4f
                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction Fuzzy Hash: 8D214C72640219EFE721CF99CC84EAABBBDEF85B94F154059EA05D7210D634AE41CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf91683557e33e38b05cb43ce2c4c1ce3a8f2efa2b183235100ea4d8d2f1d90c
                                          • Instruction ID: 8f0f2bfd79d2b1ffa154f556f441c3f221bd3098800b809ec8650d5e30e106e3
                                          • Opcode Fuzzy Hash: bf91683557e33e38b05cb43ce2c4c1ce3a8f2efa2b183235100ea4d8d2f1d90c
                                          • Instruction Fuzzy Hash: 2131BA35201B04CFDB22CB2CC840B96B3E5FF89B54F14456DE49AC7A90EB31E901CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed34efd0c249d4a90156a72be1a81a6aec91eb57e47512c45740a7ca8fa80a87
                                          • Instruction ID: 7537ef850e357961ba144012e13d8a2d055b6f06569c7e9470dab98e4a2f6928
                                          • Opcode Fuzzy Hash: ed34efd0c249d4a90156a72be1a81a6aec91eb57e47512c45740a7ca8fa80a87
                                          • Instruction Fuzzy Hash: 7121D03AA00615FBEB218F4DD884F5ABBB8FF46711F014065EA28EB214D730ED00CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0aefc8ad3c15567e0b578f16067a4f0b8e5e4d4d785a01d6d1d87970aedc766
                                          • Instruction ID: 0f9a691b97914b381cf1bb80881a7e0c21205f2058becfcff90b9abbeea14c44
                                          • Opcode Fuzzy Hash: b0aefc8ad3c15567e0b578f16067a4f0b8e5e4d4d785a01d6d1d87970aedc766
                                          • Instruction Fuzzy Hash: 58213731104B05CFDF329A2CD824B2777A9EB51368F58071DE05ACA5E1E671BB81CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction ID: 521840f417e58b0d1e5474f4437606c04bfe04839fc6b46286e5b2332f558598
                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction Fuzzy Hash: 8421A171A00709EFDB21DF58C448A5ABBF8EB54714F15846EE949E7200D274EE008B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26520f21372d847f14a640d273d241f052720ffd5f49f0ee59674c165d972cf8
                                          • Instruction ID: a68f745d2f094e6541d42d48116d1a90d85a1e1f7c842c4a0d4a16581759b827
                                          • Opcode Fuzzy Hash: 26520f21372d847f14a640d273d241f052720ffd5f49f0ee59674c165d972cf8
                                          • Instruction Fuzzy Hash: BD218EB2A00209AFD715DF58CD85B9ABBBDFB45708F150068EA08EB251D772EE41DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                          • Instruction ID: 1e0ee84355b9bafb2fb7335780eb9c2cc3593a197fd4ffb95b9fba97fe72e831
                                          • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                          • Instruction Fuzzy Hash: 6831AC71900625DFEB28CF68C480679F7F4FF84315F588669C86A97661E7B4AA41CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ead2524bb58307f1f4e64a0b86979d52e93e239528d78038b56b3e7cfd9270a
                                          • Instruction ID: d77749e0916560a9ef8e21539e552b24d8ba1961e767a9ae184940dfb986bc69
                                          • Opcode Fuzzy Hash: 3ead2524bb58307f1f4e64a0b86979d52e93e239528d78038b56b3e7cfd9270a
                                          • Instruction Fuzzy Hash: 982107726056C19FF73757AC8C44B743B99AB41B74F180764FA25DB7E2DB6CA9008211
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          • Opcode Fuzzy Hash: e631c6af75da438c00746f24b3f5e5ed861fdf45aae3320c6872adc3e4f32a56
                                          • Instruction Fuzzy Hash: 65011AB1A01219ABDB00DFA9E9459AEBBF8FF59710F10405AF905E7350D634AA01CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da21a5a52f94c87d86ff0326ffe8e7e14738aa026db7d68f461f6d564a6998a2
                                          • Instruction ID: 750231046c2243777d21d81a9f89f5a69897fd5da60301be8e3799dea0d551ce
                                          • Opcode Fuzzy Hash: da21a5a52f94c87d86ff0326ffe8e7e14738aa026db7d68f461f6d564a6998a2
                                          • Instruction Fuzzy Hash: AC012CB1A0121DAFCB04DFADD9459AEBBF8FF59710F10405AFA05E7351E634AA00CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction ID: ee3d6fe55254d928f560e9e9df2ca58ef01ddf18c66b8a4635401e949d4af9d7
                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction Fuzzy Hash: 18F0C233201A279BF7326ADD8884B2BBA958F91B60F560535B205DBA44CA608E0386E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction ID: 49417b4fddc71fcced59d122f1d29ce6d7e79d765a12cbdd3d7f07a56dfa2338
                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction Fuzzy Hash: E001F4322006849FE323976DC904F697B98EF91754F0800A2FB18CB6B2D778CD40C715
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e89db28537c06b460732112beb4a7e9b0c2850fd78520922c7f9ed96bd6ae2f
                                          • Instruction ID: 089b58feb3d659120c2929daa0a88503642047493b849b765a63d87cdaad854d
                                          • Opcode Fuzzy Hash: 0e89db28537c06b460732112beb4a7e9b0c2850fd78520922c7f9ed96bd6ae2f
                                          • Instruction Fuzzy Hash: 4B01AD31200608ABE735DF5CDD06FABBBF9EF44B10F10016DE90683190CBB2AA04CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dd25d984ddc7b3f9c150820f5ebe25cace2a9519285817a9ff5eea0ae193bb21
                                          • Instruction ID: 8eca0c2f50960df523b131db02f3b96f4f053724037f7feff8de5d163942f970
                                          • Opcode Fuzzy Hash: dd25d984ddc7b3f9c150820f5ebe25cace2a9519285817a9ff5eea0ae193bb21
                                          • Instruction Fuzzy Hash: 1C017CB1E00209ABCB00DFACD845AAEBBF8FF58314F14005AF905EB280D734AA00CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67cf76fbd127d9868d7fb47d948ef6ec7a9bd26d48213f2a6725bf0ddb82476e
                                          • Instruction ID: 1bf646cb84f69ac9c8e87eb2148a0bbe0692e5bbc4f0291cf63c95984781c1c0
                                          • Opcode Fuzzy Hash: 67cf76fbd127d9868d7fb47d948ef6ec7a9bd26d48213f2a6725bf0ddb82476e
                                          • Instruction Fuzzy Hash: B001A972A01258ABDB14DBFDC5459AFB7B8EF55710F00806AF511E7290DA74DA008791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                          • Instruction ID: c2f7791e4219c0deca09bbac98ba3fc782b8a79bbb79dce085702cd0ce33fcb5
                                          • Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                          • Instruction Fuzzy Hash: 4901D67158175A9FD7219B1CC888F6937B8AB00720F044142FD14CF291DB74DB408753
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                          • Instruction ID: 26c1fff9095bb7d4005e5f8b339c3598d236c12cd2ddaaf9e491d40a727bfe13
                                          • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                          • Instruction Fuzzy Hash: 52F0F671A01209ABFB14DB6DC851FBABBA8FF94710F688155FE45D7200EA71EB408790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dd9ec0c44b747ad6986ccbcd7b7c2e49a40c189ae0d1585bfca1d7534c1a7df3
                                          • Instruction ID: 47717e88c0f1307df3fec6cd1d25a12c9a5c67625f301bd5d875893489ec30fe
                                          • Opcode Fuzzy Hash: dd9ec0c44b747ad6986ccbcd7b7c2e49a40c189ae0d1585bfca1d7534c1a7df3
                                          • Instruction Fuzzy Hash: A2F0C271B04248ABDB04EBADD906E7EB3F8EF45B00F400069F901EB690EA70ED05C741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                          • Instruction ID: 785ab8c12cf76aa1ea54f3d18560ea5bd8df13b8ffcf7ea2a760665912dfc042
                                          • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                          • Instruction Fuzzy Hash: 27F02431714208ABF718CB29CC08B56B7EDEF98300F14807C9949C7260FAB2EE01D354
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d31a53838466358fb3eb70cec5df5c93efb4f2a3bf2c36b0bf743fd8c483a997
                                          • Instruction ID: 8884c9f7e74f0ea1abf5a5c4fb2558828cd5bfa3b39e890332a47ef9deceeb97
                                          • Opcode Fuzzy Hash: d31a53838466358fb3eb70cec5df5c93efb4f2a3bf2c36b0bf743fd8c483a997
                                          • Instruction Fuzzy Hash: 9E013CB1A01249AFCB04EFADD645AAEB7F8FF58700F404069F905EB391E674DA00CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 033752e7b4f32231817bb24c9f9dca8dbcad2dffb33b172d88fcfd81e0790d4e
                                          • Instruction ID: 078f487efa820d9debbeb1e531cb407a7a2bc5eebb02e2034ce14d19de497627
                                          • Opcode Fuzzy Hash: 033752e7b4f32231817bb24c9f9dca8dbcad2dffb33b172d88fcfd81e0790d4e
                                          • Instruction Fuzzy Hash: 38F0EC2641A2C94ADF33AB3D71113E57FDED79A152F09084AD9581720DC5358893CB30
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction ID: 908c12b536fbbe1a51e116e6b549c8fa66bd64e05b3f79599dabe9c62c23d779
                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction Fuzzy Hash: 73E0E5322405016BEB219E09CC84F0337A99F92724F004078F5009E242C6E5DA0887A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8ae80f143a9b2e16c33b77ccf3dc8d60259b5502f8580db6b8adf0c10429a08
                                          • Instruction ID: d45f847590273fbee2f0da1c3aedb1c98e67a3aa3eeef7acb9cfb2dc3232247f
                                          • Opcode Fuzzy Hash: b8ae80f143a9b2e16c33b77ccf3dc8d60259b5502f8580db6b8adf0c10429a08
                                          • Instruction Fuzzy Hash: 99F082B0A04259AFDB14EFACD90AE7E77F8FF04704F440459BA05DB291EA74DA00C759
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 749613e17ddcd4ddbdedd873482abe1db4f9369a1f6c5e3871d7a54da71dfd15
                                          • Instruction ID: 22416cc85375c11a010a6eaf3f8ff50d9578b860cb3419c91e8ab6962fae6b81
                                          • Opcode Fuzzy Hash: 749613e17ddcd4ddbdedd873482abe1db4f9369a1f6c5e3871d7a54da71dfd15
                                          • Instruction Fuzzy Hash: 66F0E271A05248ABDB04DBFCC44AEAE77F8EF08304F4000A9F605EB284E974DE00C755
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2071991c37a47a2eb4bcddf77fd8e14e34edf38e0baf5756170752262a5331d0
                                          • Instruction ID: 9540651a65de8b25e4cc967ae3610e29372d95d1ed5ba240a1ffacc5dac3e794
                                          • Opcode Fuzzy Hash: 2071991c37a47a2eb4bcddf77fd8e14e34edf38e0baf5756170752262a5331d0
                                          • Instruction Fuzzy Hash: DBF082B0A04259ABDB14EBACD90AE7E77F8EF14704F440459BA05DB390EA74DA00C799
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction ID: 6eb317a47ca454fce505ec9f26e441a0ad4878d041559e6e06e14d3ac944c4f8
                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction Fuzzy Hash: 59E0DF32A40218FBEB31AADD9E05FAABFBCDB58B60F010195BB04D7150D9709F40D2D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                          • Instruction ID: 0aa265aa0a93cb4f02387b1b0d02a3ae99b85fe67e9516377cdbfb0cb0fba677
                                          • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                          • Instruction Fuzzy Hash: C3E02B3121014A97EF31AA4CC449BB6B799AF51704F488175F502CB191E6A0DE41C3D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9ace296b5fc1ed19fc6fc30d94642de6a60b1415f00bde3cea84edb2e7b504a
                                          • Instruction ID: 41e6bd97c7f4cb73576ff9084b8c1d6068daf64247a8e3ad1b3d4cbb7f264254
                                          • Opcode Fuzzy Hash: b9ace296b5fc1ed19fc6fc30d94642de6a60b1415f00bde3cea84edb2e7b504a
                                          • Instruction Fuzzy Hash: A5F01575824709DECBB0EFAD950071C36E4F7A6321F10411E920897AAAC73445A4CF02
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction ID: 3f2266b60c69cc471d8a0af49b679c98b4679731e5dee34cc4b78501391c2d77
                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction Fuzzy Hash: 33E0C231280209BBEB229E88CC00F697B5ADB50BA5F104431FE08AA691C671DD91DBC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94a1aeb0601336e2c92fdbd63f0dd2862254a7f7d31e2f5fbfc56767f7e3b2da
                                          • Instruction ID: 8abcc25239b24be0f679e633c9eefb2d24d8368aadf03faef8b16a603ddda680
                                          • Opcode Fuzzy Hash: 94a1aeb0601336e2c92fdbd63f0dd2862254a7f7d31e2f5fbfc56767f7e3b2da
                                          • Instruction Fuzzy Hash: A7D02B7112070056CF2E132C8814B253352F790BD0F34040CF20BCB5A0E960C9D0A10A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction ID: 5f9ce8b4c978f9c8cd3c509efcc71514b2de4f6746da1f2d1f33413c6c5eb813
                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction Fuzzy Hash: 10E0EC71944684DFDF12DB5DCA94F9EBBF9FB44B40F150458A509AB661C674ED00CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction ID: 0abd9a36d3cbd96f12a548f334396bcbb9ee61953c37dfb83721244334d0d114
                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction Fuzzy Hash: 34D0E939352A80CFD61BCB1DC994B5577A8BB44B45FC50490E505CB762E62CD944CA10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction ID: c7e7589e8b5c09cdef72b7ccb49d21b1f32cd0b45b622ca7be671a4415ae1431
                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction Fuzzy Hash: 79D0A771401385BDDB01AF18C1547A83B71BB00308FD81055A80685552C3354B09C603
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction ID: 0ceac8940554b571eb7942560e26cc1dbfd53cbaf18a6b950fba52785039be7e
                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction Fuzzy Hash: 4AC08C30280A01ABFB321F24CD01F003AA0BB10F01F8400A06301DA4F0DB78DA02E600
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction ID: 5a430246ff8faea730eec015711cb2b7812186463ac3082ef3651c8ec6ae5e9b
                                          C-Code - Quality: 63%
                                          			E018A40FD(void* __ecx) {
                                          				signed int _v8;
                                          				char _v548;
                                          				unsigned int _v552;
                                          				unsigned int _v556;
                                          				unsigned int _v560;
                                          				char _v564;
                                          				char _v568;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				unsigned int _t49;
                                          				signed char _t53;
                                          				unsigned int _t55;
                                          				unsigned int _t56;
                                          				unsigned int _t65;
                                          				unsigned int _t66;
                                          				void* _t68;
                                          				unsigned int _t73;
                                          				unsigned int _t77;
                                          				unsigned int _t85;
                                          				char* _t98;
                                          				unsigned int _t102;
                                          				signed int _t103;
                                          				void* _t105;
                                          				signed int _t107;
                                          				void* _t108;
                                          				void* _t110;
                                          				void* _t111;
                                          				void* _t112;
                                          
                                          				_t45 =  *0x199d360 ^ _t107;
                                          				_v8 =  *0x199d360 ^ _t107;
                                          				_t105 = __ecx;
                                          				if( *0x19984d4 == 0) {
                                          					L5:
                                          					return L018EB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                          				}
                                          				_t85 = 0;
                                          				E018BE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                          				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                          					_t45 = 0;
                                          				} else {
                                          					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                          				}
                                          				if(_t45 == 0) {
                                          					_v552 = _t85;
                                          					_t49 = E018A42EB(_t105);
                                          					__eflags = _t49;
                                          					if(_t49 != 0) {
                                          						L15:
                                          						_t103 = 2;
                                          						_v552 = _t103;
                                          						L10:
                                          						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                          						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                          							_t45 = 1;
                                          						} else {
                                          							_t53 = E018A41EA(_v564);
                                          							asm("sbb al, al");
                                          							_t45 =  ~_t53 + 1;
                                          							__eflags = _t45;
                                          						}
                                          						__eflags = _t45;
                                          						if(_t45 == 0) {
                                          							_t102 = _t103 | 0x00000040;
                                          							_v552 = _t102;
                                          						}
                                          						__eflags = _t102;
                                          						if(_t102 != 0) {
                                          							L33:
                                          							_push(4);
                                          							_push( &_v552);
                                          							_push(0x22);
                                          							_push(0xffffffff);
                                          							_t45 = L018E96C0();
                                          						}
                                          						goto L4;
                                          					}
                                          					_v556 = _t85;
                                          					_t102 =  &_v556;
                                          					_t55 = E018A429E(_t105 + 0x2c, _t102);
                                          					__eflags = _t55;
                                          					if(_t55 >= 0) {
                                          						__eflags = _v556 - _t85;
                                          						if(_v556 == _t85) {
                                          							goto L8;
                                          						}
                                          						_t85 = _t105 + 0x24;
                                          						L01935720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                                          						_v560 = 0x214;
                                          						E018EFA60( &_v548, 0, 0x214);
                                          						_t106 =  *0x19984d4;
                                          						_t110 = _t108 + 0x20;
                                          						 *0x199b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                          						_t65 =  *((intOrPtr*)( *0x19984d4))();
                                          						__eflags = _t65;
                                          						if(_t65 == 0) {
                                          							goto L8;
                                          						}
                                          						_t66 = _v560;
                                          						__eflags = _t66;
                                          						if(_t66 == 0) {
                                          							goto L8;
                                          						}
                                          						__eflags = _t66 - 0x214;
                                          						if(_t66 >= 0x214) {
                                          							goto L8;
                                          						}
                                          						_t68 = (_t66 >> 1) * 2 - 2;
                                          						__eflags = _t68 - 0x214;
                                          						if(_t68 >= 0x214) {
                                          							L018EB75A();
                                          							goto L33;
                                          						}
                                          						_push(_t85);
                                          						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                          						L01935720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                          						_t111 = _t110 + 0x14;
                                          						_t73 = L018F1480( &_v548, L"Execute=1");
                                          						_push(_t85);
                                          						__eflags = _t73;
                                          						if(_t73 == 0) {
                                          							L01935720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                          							_t106 =  &_v548;
                                          							_t98 =  &_v548;
                                          							_t112 = _t111 + 0x14;
                                          							_t77 = _v560 + _t98;
                                          							_v556 = _t77;
                                          							__eflags = _t98 - _t77;
                                          							if(_t98 >= _t77) {
                                          								goto L8;
                                          							} else {
                                          								goto L27;
                                          							}
                                          							do {
                                          								L27:
                                          								_t85 = E018F1150(_t106, 0x20);
                                          								__eflags = _t85;
                                          								if(__eflags != 0) {
                                          									__eflags = 0;
                                          									 *_t85 = 0;
                                          								}
                                          								L01935720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                          								_t112 = _t112 + 0x10;
                                          								L01923E13(_t105, _t106, __eflags);
                                          								__eflags = _t85;
                                          								if(_t85 == 0) {
                                          									goto L8;
                                          								}
                                          								_t41 = _t85 + 2; // 0x2
                                          								_t106 = _t41;
                                          								__eflags = _t106 - _v556;
                                          							} while (_t106 < _v556);
                                          							goto L8;
                                          						}
                                          						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                          						_push(3);
                                          						_push(0x55);
                                          						L01935720();
                                          						goto L15;
                                          					}
                                          					L8:
                                          					_t56 = E018A41F7(_t105);
                                          					__eflags = _t56;
                                          					if(_t56 != 0) {
                                          						goto L15;
                                          					}
                                          					_t103 = _v552;
                                          					goto L10;
                                          				} else {
                                          					L4:
                                          					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                          					goto L5;
                                          				}
                                          			}

































                                          Strings
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0190058F
                                          • ExecuteOptions, xrefs: 0190050A
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 019005F1
                                          • Execute=1, xrefs: 0190057D
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 019005AC
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 019004BF
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01900566
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          • Opcode ID: eb9d654595c41a7b72f2eb9055d422a4bdf2f068bf475a834c026b4c64d5bdcf
                                          • Instruction ID: 60877b2bd4c6ab0dc5c6a56f605a0f0c69b38b26ea8ba3f8c16186b75d02b390
                                          • Opcode Fuzzy Hash: eb9d654595c41a7b72f2eb9055d422a4bdf2f068bf475a834c026b4c64d5bdcf
                                          • Instruction Fuzzy Hash: 3C613D31700619BBFF21EA59DC85FE977A8EF68704F4800A9E609D7181E7B0AF40CB65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0193FDFA
                                          Strings
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0193FE01
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0193FE2B
                                          Memory Dump Source
                                          • Source File: 00000006.00000002.259975111.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: true
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 2f99168e380346f826dc451c359a32003cb651097d6f6deed66ed56aeb8b72c9
                                          • Instruction ID: a53503de107a08cfc56c295cd57a307517fb6e40972982e007721a405bbcc374
                                          • Opcode Fuzzy Hash: 2f99168e380346f826dc451c359a32003cb651097d6f6deed66ed56aeb8b72c9
                                          • Instruction Fuzzy Hash: 87F0F632640202BFEB211A49DC06F23BF5BEB85B30F150314F628961E1DA62F920C6F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%