Play interactive tour

Edit tour

Analysis Report #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Overview

General Information

Sample Name:	#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Analysis ID:	385277
MD5:	525cb22afe0244e45b2831b243b27a68
SHA1:	df33a4a91f50e49ee7c3283b1022024fca7ceade
SHA256:	bcbdc1722d82cfdd00d6748654937dd6e79b81661df159ea9387d61f3ed38034
Tags:	exeFormbookgeoKOR
Infos:
Most interesting Screenshot:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected FormBook

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Antivirus or Machine Learning detection for unpacked file

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w10x64

#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe (PID: 6476 cmdline: 'C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe' MD5: 525CB22AFE0244E45B2831B243B27A68)

#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe (PID: 6616 cmdline: {path} MD5: 525CB22AFE0244E45B2831B243B27A68)

#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe (PID: 6632 cmdline: {path} MD5: 525CB22AFE0244E45B2831B243B27A68)

#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe (PID: 6644 cmdline: {path} MD5: 525CB22AFE0244E45B2831B243B27A68)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.visitmatchgo.com/duy/"], "decoy": ["tychzh.net", "seafoodrambler.com", "sustainablyoutdoors.com", "ngisolomba.club", "pocee.com", "toshaliusa.com", "authenticpickleball.com", "2jm.guru", "site4v.com", "earlywarningsigns.com", "freekwennekers.com", "noelgift.store", "timaloney.com", "scotlandluxurylodges.com", "xevroruwf.icu", "ideasforgoodcourse.com", "feederscup.com", "kabutostrength.com", "studiomileend.com", "restaurantenelia.com", "kentbranding.company", "whitelinen.house", "mighty.zone", "bigsky3percent.com", "satelliteshows.com", "hlbrock.com", "xn--tssla-gra.com", "theholisticmix.com", "therealdmu.com", "lentiacontattoeshop.com", "uhejcjew.icu", "casnop.com", "lavisheclothiers.com", "topelevenhackcheatz.com", "monterklime.com", "fanoosbattery.com", "laramsmatter.com", "morrolion.com", "itstime4recess.com", "leeurgentcare.com", "panamienne.com", "implementbiosegurityoneline.com", "roseyogacoach.com", "domennyarendi19.net", "antsclassic.win", "soredecoraciones.com", "thelittlejetscompany.com", "culturasoft.net", "aajfw.xyz", "thedreamdistrict.com", "gmgdr.com", "releasement.solutions", "ditrdan.com", "ecoshoplanet.com", "boblikescock.com", "cotizalo.online", "gulastivbgone.xyz", "quelastimamiguelito.com", "tld-qa.com", "14pro.com", "michaeljoycetennis.com", "petrickpetmarket.xyz", "agilearccreations.com", "281as39.xyz"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18409:$sqlite3step: 68 34 1C 7B E1 0x1851c:$sqlite3step: 68 34 1C 7B E1 0x18438:$sqlite3text: 68 38 2A 90 C5 0x1855d:$sqlite3text: 68 38 2A 90 C5 0x1844b:$sqlite3blob: 68 53 D8 7F 8C 0x18573:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x1482e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148562:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x174908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x174b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x154085:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x1806a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x153b71:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x180191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x154187:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1807a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1542ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x18091f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x148f7a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x17559a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x152dec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x17f40c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x149c73:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x176293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x159d27:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x186347:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x15ad2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x156e09:$sqlite3step: 68 34 1C 7B E1 0x156f1c:$sqlite3step: 68 34 1C 7B E1 0x183429:$sqlite3step: 68 34 1C 7B E1 0x18353c:$sqlite3step: 68 34 1C 7B E1 0x156e38:$sqlite3text: 68 38 2A 90 C5 0x156f5d:$sqlite3text: 68 38 2A 90 C5 0x183458:$sqlite3text: 68 38 2A 90 C5 0x18357d:$sqlite3text: 68 38 2A 90 C5 0x156e4b:$sqlite3blob: 68 53 D8 7F 8C 0x156f73:$sqlite3blob: 68 53 D8 7F 8C 0x18346b:$sqlite3blob: 68 53 D8 7F 8C 0x183593:$sqlite3blob: 68 53 D8 7F 8C
Process Memory Space: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6476	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18409:$sqlite3step: 68 34 1C 7B E1 0x1851c:$sqlite3step: 68 34 1C 7B E1 0x18438:$sqlite3text: 68 38 2A 90 C5 0x1855d:$sqlite3text: 68 38 2A 90 C5 0x1844b:$sqlite3blob: 68 53 D8 7F 8C 0x18573:$sqlite3blob: 68 53 D8 7F 8C
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17609:$sqlite3step: 68 34 1C 7B E1 0x1771c:$sqlite3step: 68 34 1C 7B E1 0x17638:$sqlite3text: 68 38 2A 90 C5 0x1775d:$sqlite3text: 68 38 2A 90 C5 0x1764b:$sqlite3blob: 68 53 D8 7F 8C 0x17773:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.visitmatchgo.com/duy/"], "decoy": ["tychzh.net", "seafoodrambler.com", "sustainablyoutdoors.com", "ngisolomba.club", "pocee.com", "toshaliusa.com", "authenticpickleball.com", "2jm.guru", "site4v.com", "earlywarningsigns.com", "freekwennekers.com", "noelgift.store", "timaloney.com", "scotlandluxurylodges.com", "xevroruwf.icu", "ideasforgoodcourse.com", "feederscup.com", "kabutostrength.com", "studiomileend.com", "restaurantenelia.com", "kentbranding.company", "whitelinen.house", "mighty.zone", "bigsky3percent.com", "satelliteshows.com", "hlbrock.com", "xn--tssla-gra.com", "theholisticmix.com", "therealdmu.com", "lentiacontattoeshop.com", "uhejcjew.icu", "casnop.com", "lavisheclothiers.com", "topelevenhackcheatz.com", "monterklime.com", "fanoosbattery.com", "laramsmatter.com", "morrolion.com", "itstime4recess.com", "leeurgentcare.com", "panamienne.com", "implementbiosegurityoneline.com", "roseyogacoach.com", "domennyarendi19.net", "antsclassic.win", "soredecoraciones.com", "thelittlejetscompany.com", "culturasoft.net", "aajfw.xyz", "thedreamdistrict.com", "gmgdr.com", "releasement.solutions", "ditrdan.com", "ecoshoplanet.com", "boblikescock.com", "cotizalo.online", "gulastivbgone.xyz", "quelastimamiguelito.com", "tld-qa.com", "14pro.com", "michaeljoycetennis.com", "petrickpetmarket.xyz", "agilearccreations.com", "281as39.xyz"]}

Multi AV Scanner detection for domain / URL

Show sources

Source: www.visitmatchgo.com/duy/

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Virustotal: Detection: 26%			Perma Link
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	ReversingLabs: Detection: 20%

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE

Machine Learning detection for sample

Show sources

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Joe Sandbox ML: detected

Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack

Avira: Label: TR/Crypt.ZPACK.Gen

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: wntdll.pdbUGP source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000005.00000002.338686497.000000000188F000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: www.visitmatchgo.com/duy/

E-Banking Fraud:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419D60 NtCreateFile,	5_2_00419D60
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419E10 NtReadFile,	5_2_00419E10
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419E90 NtClose,	5_2_00419E90
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419F40 NtAllocateVirtualMemory,	5_2_00419F40
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419DB2 NtCreateFile,	5_2_00419DB2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00419E0B NtReadFile,	5_2_00419E0B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9860 NtQuerySystemInformation,LdrInitializeThunk,	5_2_017D9860
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9660 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_017D9660
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D96E0 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_017D96E0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9950 NtQueueApcThread,	5_2_017D9950
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9910 NtAdjustPrivilegesToken,	5_2_017D9910
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D99D0 NtCreateProcessEx,	5_2_017D99D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D99A0 NtCreateSection,	5_2_017D99A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017DB040 NtSuspendThread,	5_2_017DB040
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9840 NtDelayExecution,	5_2_017D9840
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9820 NtEnumerateKey,	5_2_017D9820
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D98F0 NtReadVirtualMemory,	5_2_017D98F0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D98A0 NtWriteVirtualMemory,	5_2_017D98A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9B00 NtSetValueKey,	5_2_017D9B00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017DA3B0 NtGetContextThread,	5_2_017DA3B0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9A50 NtCreateFile,	5_2_017D9A50
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9A20 NtResumeThread,	5_2_017D9A20
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9A10 NtQuerySection,	5_2_017D9A10
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9A00 NtProtectVirtualMemory,	5_2_017D9A00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9A80 NtOpenDirectoryObject,	5_2_017D9A80
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9560 NtWriteFile,	5_2_017D9560
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9540 NtReadFile,	5_2_017D9540
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017DAD30 NtSetContextThread,	5_2_017DAD30
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9520 NtWaitForSingleObject,	5_2_017D9520
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D95F0 NtQueryInformationFile,	5_2_017D95F0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D95D0 NtClose,	5_2_017D95D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017DA770 NtOpenThread,	5_2_017DA770
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9770 NtSetInformationFile,	5_2_017D9770
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9760 NtOpenProcess,	5_2_017D9760
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9730 NtQueryVirtualMemory,	5_2_017D9730
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9710 NtQueryInformationToken,	5_2_017D9710
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017DA710 NtOpenProcessToken,	5_2_017DA710
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9FE0 NtCreateMutant,	5_2_017D9FE0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D97A0 NtUnmapViewOfSection,	5_2_017D97A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9780 NtMapViewOfSection,	5_2_017D9780
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9670 NtQueryInformationProcess,	5_2_017D9670
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9650 NtQueryValueKey,	5_2_017D9650
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D9610 NtEnumerateValueKey,	5_2_017D9610
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D96D0 NtCreateKey,	5_2_017D96D0

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 0_2_00D5A448	0_2_00D5A448
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 0_2_016AC164	0_2_016AC164
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 0_2_016AE5A0	0_2_016AE5A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 0_2_016AE5B0	0_2_016AE5B0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 3_2_002AA448	3_2_002AA448
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 4_2_001DA448	4_2_001DA448
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041E808	5_2_0041E808
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00401030	5_2_00401030
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041D8E1	5_2_0041D8E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041E8E8	5_2_0041E8E8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041DB55	5_2_0041DB55
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041D321	5_2_0041D321
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00402D8B	5_2_00402D8B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00402D90	5_2_00402D90
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00409E40	5_2_00409E40
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00409E3B	5_2_00409E3B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041DFCA	5_2_0041DFCA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00402FB0	5_2_00402FB0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_00BEA448	5_2_00BEA448
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179F900	5_2_0179F900
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AC1C0	5_2_017AC1C0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B2990	5_2_017B2990
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018620A8	5_2_018620A8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA830	5_2_017BA830
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018628EC	5_2_018628EC
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018560F5	5_2_018560F5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01796800	5_2_01796800
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851002	5_2_01851002
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0186E824	5_2_0186E824
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB090	5_2_017AB090
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183EB8A	5_2_0183EB8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B3360	5_2_017B3360
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BAB40	5_2_017BAB40
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185DBD2	5_2_0185DBD2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018503DA	5_2_018503DA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018423E3	5_2_018423E3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017E8BE8	5_2_017E8BE8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185231B	5_2_0185231B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CABD8	5_2_017CABD8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01862B28	5_2_01862B28
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CEBB0	5_2_017CEBB0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183CB4F	5_2_0183CB4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BEB9A	5_2_017BEB9A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C138B	5_2_017C138B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018622AE	5_2_018622AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018632A9	5_2_018632A9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185E2C5	5_2_0185E2C5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0184FA2B	5_2_0184FA2B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01855A4F	5_2_01855A4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B2D50	5_2_017B2D50
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01790D20	5_2_01790D20
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018625DD	5_2_018625DD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01862D07	5_2_01862D07
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AD5E0	5_2_017AD5E0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01861D55	5_2_01861D55
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C65A0	5_2_017C65A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2581	5_2_017C2581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B2430	5_2_017B2430
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A841F	5_2_017A841F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4CD4	5_2_017C4CD4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185D466	5_2_0185D466
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0186DFCE	5_2_0186DFCE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018567E2	5_2_018567E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01861FF1	5_2_01861FF1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01841EB6	5_2_01841EB6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B6E30	5_2_017B6E30
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01862EF7	5_2_01862EF7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B5600	5_2_017B5600
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185D616	5_2_0185D616
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0181AE60	5_2_0181AE60

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: String function: 01825720 appears 81 times
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: String function: 0179B150 appears 159 times
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: String function: 017ED08C appears 47 times

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Binary or memory string: OriginalFilename vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.338465475.0000000003221000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMetroFramework.dll> vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.343689465.00000000062A1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Binary or memory string: OriginalFilename vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Binary or memory string: OriginalFilename vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Binary or memory string: OriginalFilename vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000005.00000002.338686497.000000000188F000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Binary or memory string: OriginalFilenameu4tB.exeH vs #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@7/1@0/0

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.log

Jump to behavior

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Virustotal: Detection: 26%
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	ReversingLabs: Detection: 20%

Source: unknown	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe 'C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe'
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000005.00000002.338686497.000000000188F000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Static PE information: 0xDE084AFD [Fri Jan 16 09:57:17 2088 UTC]

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041E8E8 push dword ptr [CAB1F56Bh]; ret	5_2_0041EB24
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_004196C2 push esi; ret	5_2_004196CB
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041CEB5 push eax; ret	5_2_0041CF08
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041CF6C push eax; ret	5_2_0041CF72
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041CF02 push eax; ret	5_2_0041CF08
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041CF0B push eax; ret	5_2_0041CF72
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0041670C push 9412890Ah; iretd	5_2_00416711
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ED0D1 push ecx; ret	5_2_017ED0E4

Source: initial sample

Static PE information: section name: .text entropy: 7.89372694825

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match

File source: Process Memory Space: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6476, type: MEMORY

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	RDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Code function: 5_2_00409A90 rdtsc

5_2_00409A90

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe TID: 6480	Thread sleep time: -31500s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe TID: 6520	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Thread delayed: delay time: 31500			Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe, 00000000.00000002.344745287.0000000006736000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Code function: 5_2_00409A90 rdtsc

5_2_00409A90

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Code function: 5_2_017D9860 NtQuerySystemInformation,LdrInitializeThunk,

5_2_017D9860

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179B171 mov eax, dword ptr fs:[00000030h]	5_2_0179B171
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179B171 mov eax, dword ptr fs:[00000030h]	5_2_0179B171
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185A189 mov eax, dword ptr fs:[00000030h]	5_2_0185A189
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185A189 mov ecx, dword ptr fs:[00000030h]	5_2_0185A189
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179C962 mov eax, dword ptr fs:[00000030h]	5_2_0179C962
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018549A4 mov eax, dword ptr fs:[00000030h]	5_2_018549A4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018549A4 mov eax, dword ptr fs:[00000030h]	5_2_018549A4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018549A4 mov eax, dword ptr fs:[00000030h]	5_2_018549A4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018549A4 mov eax, dword ptr fs:[00000030h]	5_2_018549A4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018169A6 mov eax, dword ptr fs:[00000030h]	5_2_018169A6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179395E mov eax, dword ptr fs:[00000030h]	5_2_0179395E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179395E mov eax, dword ptr fs:[00000030h]	5_2_0179395E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0186F1B5 mov eax, dword ptr fs:[00000030h]	5_2_0186F1B5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0186F1B5 mov eax, dword ptr fs:[00000030h]	5_2_0186F1B5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB944 mov eax, dword ptr fs:[00000030h]	5_2_017BB944
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB944 mov eax, dword ptr fs:[00000030h]	5_2_017BB944
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018151BE mov eax, dword ptr fs:[00000030h]	5_2_018151BE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018151BE mov eax, dword ptr fs:[00000030h]	5_2_018151BE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018151BE mov eax, dword ptr fs:[00000030h]	5_2_018151BE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018151BE mov eax, dword ptr fs:[00000030h]	5_2_018151BE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01793138 mov ecx, dword ptr fs:[00000030h]	5_2_01793138
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C513A mov eax, dword ptr fs:[00000030h]	5_2_017C513A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C513A mov eax, dword ptr fs:[00000030h]	5_2_017C513A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120 mov eax, dword ptr fs:[00000030h]	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120 mov eax, dword ptr fs:[00000030h]	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120 mov eax, dword ptr fs:[00000030h]	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120 mov eax, dword ptr fs:[00000030h]	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B4120 mov ecx, dword ptr fs:[00000030h]	5_2_017B4120
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018519D8 mov eax, dword ptr fs:[00000030h]	5_2_018519D8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018689E7 mov eax, dword ptr fs:[00000030h]	5_2_018689E7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018241E8 mov eax, dword ptr fs:[00000030h]	5_2_018241E8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799100 mov eax, dword ptr fs:[00000030h]	5_2_01799100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799100 mov eax, dword ptr fs:[00000030h]	5_2_01799100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799100 mov eax, dword ptr fs:[00000030h]	5_2_01799100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A0100 mov eax, dword ptr fs:[00000030h]	5_2_017A0100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A0100 mov eax, dword ptr fs:[00000030h]	5_2_017A0100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A0100 mov eax, dword ptr fs:[00000030h]	5_2_017A0100
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179B1E1 mov eax, dword ptr fs:[00000030h]	5_2_0179B1E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179B1E1 mov eax, dword ptr fs:[00000030h]	5_2_0179B1E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179B1E1 mov eax, dword ptr fs:[00000030h]	5_2_0179B1E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017931E0 mov eax, dword ptr fs:[00000030h]	5_2_017931E0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AC1C0 mov eax, dword ptr fs:[00000030h]	5_2_017AC1C0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A99C7 mov eax, dword ptr fs:[00000030h]	5_2_017A99C7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A99C7 mov eax, dword ptr fs:[00000030h]	5_2_017A99C7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A99C7 mov eax, dword ptr fs:[00000030h]	5_2_017A99C7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A99C7 mov eax, dword ptr fs:[00000030h]	5_2_017A99C7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CC9BF mov eax, dword ptr fs:[00000030h]	5_2_017CC9BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CC9BF mov eax, dword ptr fs:[00000030h]	5_2_017CC9BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov eax, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov eax, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov eax, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov ecx, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B99BF mov eax, dword ptr fs:[00000030h]	5_2_017B99BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851951 mov eax, dword ptr fs:[00000030h]	5_2_01851951
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C61A0 mov eax, dword ptr fs:[00000030h]	5_2_017C61A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C61A0 mov eax, dword ptr fs:[00000030h]	5_2_017C61A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A61A7 mov eax, dword ptr fs:[00000030h]	5_2_017A61A7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A61A7 mov eax, dword ptr fs:[00000030h]	5_2_017A61A7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A61A7 mov eax, dword ptr fs:[00000030h]	5_2_017A61A7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A61A7 mov eax, dword ptr fs:[00000030h]	5_2_017A61A7
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868966 mov eax, dword ptr fs:[00000030h]	5_2_01868966
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185E962 mov eax, dword ptr fs:[00000030h]	5_2_0185E962
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179519E mov eax, dword ptr fs:[00000030h]	5_2_0179519E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179519E mov ecx, dword ptr fs:[00000030h]	5_2_0179519E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2990 mov eax, dword ptr fs:[00000030h]	5_2_017C2990
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4190 mov eax, dword ptr fs:[00000030h]	5_2_017C4190
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BC182 mov eax, dword ptr fs:[00000030h]	5_2_017BC182
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CA185 mov eax, dword ptr fs:[00000030h]	5_2_017CA185
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01813884 mov eax, dword ptr fs:[00000030h]	5_2_01813884
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01813884 mov eax, dword ptr fs:[00000030h]	5_2_01813884
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BF86D mov eax, dword ptr fs:[00000030h]	5_2_017BF86D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795050 mov eax, dword ptr fs:[00000030h]	5_2_01795050
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795050 mov eax, dword ptr fs:[00000030h]	5_2_01795050
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795050 mov eax, dword ptr fs:[00000030h]	5_2_01795050
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B0050 mov eax, dword ptr fs:[00000030h]	5_2_017B0050
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B0050 mov eax, dword ptr fs:[00000030h]	5_2_017B0050
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01797057 mov eax, dword ptr fs:[00000030h]	5_2_01797057
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA830 mov eax, dword ptr fs:[00000030h]	5_2_017BA830
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA830 mov eax, dword ptr fs:[00000030h]	5_2_017BA830
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA830 mov eax, dword ptr fs:[00000030h]	5_2_017BA830
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA830 mov eax, dword ptr fs:[00000030h]	5_2_017BA830
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018518CA mov eax, dword ptr fs:[00000030h]	5_2_018518CA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB02A mov eax, dword ptr fs:[00000030h]	5_2_017AB02A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB02A mov eax, dword ptr fs:[00000030h]	5_2_017AB02A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB02A mov eax, dword ptr fs:[00000030h]	5_2_017AB02A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB02A mov eax, dword ptr fs:[00000030h]	5_2_017AB02A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C002D mov eax, dword ptr fs:[00000030h]	5_2_017C002D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C002D mov eax, dword ptr fs:[00000030h]	5_2_017C002D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C002D mov eax, dword ptr fs:[00000030h]	5_2_017C002D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C002D mov eax, dword ptr fs:[00000030h]	5_2_017C002D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C002D mov eax, dword ptr fs:[00000030h]	5_2_017C002D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov ecx, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0182B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0182B8D0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4020 mov edi, dword ptr fs:[00000030h]	5_2_017C4020
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C701D mov eax, dword ptr fs:[00000030h]	5_2_017C701D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018560F5 mov eax, dword ptr fs:[00000030h]	5_2_018560F5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018560F5 mov eax, dword ptr fs:[00000030h]	5_2_018560F5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018560F5 mov eax, dword ptr fs:[00000030h]	5_2_018560F5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018560F5 mov eax, dword ptr fs:[00000030h]	5_2_018560F5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01796800 mov eax, dword ptr fs:[00000030h]	5_2_01796800
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01796800 mov eax, dword ptr fs:[00000030h]	5_2_01796800
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01796800 mov eax, dword ptr fs:[00000030h]	5_2_01796800
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28FD mov eax, dword ptr fs:[00000030h]	5_2_017A28FD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28FD mov eax, dword ptr fs:[00000030h]	5_2_017A28FD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28FD mov eax, dword ptr fs:[00000030h]	5_2_017A28FD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01864015 mov eax, dword ptr fs:[00000030h]	5_2_01864015
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01864015 mov eax, dword ptr fs:[00000030h]	5_2_01864015
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017958EC mov eax, dword ptr fs:[00000030h]	5_2_017958EC
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01817016 mov eax, dword ptr fs:[00000030h]	5_2_01817016
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01817016 mov eax, dword ptr fs:[00000030h]	5_2_01817016
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01817016 mov eax, dword ptr fs:[00000030h]	5_2_01817016
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017940E1 mov eax, dword ptr fs:[00000030h]	5_2_017940E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017940E1 mov eax, dword ptr fs:[00000030h]	5_2_017940E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017940E1 mov eax, dword ptr fs:[00000030h]	5_2_017940E1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB8E4 mov eax, dword ptr fs:[00000030h]	5_2_017BB8E4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB8E4 mov eax, dword ptr fs:[00000030h]	5_2_017BB8E4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017978D6 mov eax, dword ptr fs:[00000030h]	5_2_017978D6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017978D6 mov eax, dword ptr fs:[00000030h]	5_2_017978D6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017978D6 mov ecx, dword ptr fs:[00000030h]	5_2_017978D6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017970C0 mov eax, dword ptr fs:[00000030h]	5_2_017970C0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017970C0 mov eax, dword ptr fs:[00000030h]	5_2_017970C0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF0BF mov ecx, dword ptr fs:[00000030h]	5_2_017CF0BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF0BF mov eax, dword ptr fs:[00000030h]	5_2_017CF0BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF0BF mov eax, dword ptr fs:[00000030h]	5_2_017CF0BF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851843 mov eax, dword ptr fs:[00000030h]	5_2_01851843
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D90AF mov eax, dword ptr fs:[00000030h]	5_2_017D90AF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov eax, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov eax, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov eax, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov ecx, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov eax, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A28AE mov eax, dword ptr fs:[00000030h]	5_2_017A28AE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C20A0 mov eax, dword ptr fs:[00000030h]	5_2_017C20A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C78A0 mov eax, dword ptr fs:[00000030h]	5_2_017C78A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01861074 mov eax, dword ptr fs:[00000030h]	5_2_01861074
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852073 mov eax, dword ptr fs:[00000030h]	5_2_01852073
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799080 mov eax, dword ptr fs:[00000030h]	5_2_01799080
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01793880 mov eax, dword ptr fs:[00000030h]	5_2_01793880
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01793880 mov eax, dword ptr fs:[00000030h]	5_2_01793880
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0184D380 mov ecx, dword ptr fs:[00000030h]	5_2_0184D380
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B7A mov eax, dword ptr fs:[00000030h]	5_2_017C3B7A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B7A mov eax, dword ptr fs:[00000030h]	5_2_017C3B7A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183EB8A mov ecx, dword ptr fs:[00000030h]	5_2_0183EB8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183EB8A mov eax, dword ptr fs:[00000030h]	5_2_0183EB8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183EB8A mov eax, dword ptr fs:[00000030h]	5_2_0183EB8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183EB8A mov eax, dword ptr fs:[00000030h]	5_2_0183EB8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AF370 mov eax, dword ptr fs:[00000030h]	5_2_017AF370
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AF370 mov eax, dword ptr fs:[00000030h]	5_2_017AF370
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AF370 mov eax, dword ptr fs:[00000030h]	5_2_017AF370
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185138A mov eax, dword ptr fs:[00000030h]	5_2_0185138A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179DB60 mov ecx, dword ptr fs:[00000030h]	5_2_0179DB60
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179F358 mov eax, dword ptr fs:[00000030h]	5_2_0179F358
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01865BA5 mov eax, dword ptr fs:[00000030h]	5_2_01865BA5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B5A mov eax, dword ptr fs:[00000030h]	5_2_017C3B5A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B5A mov eax, dword ptr fs:[00000030h]	5_2_017C3B5A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B5A mov eax, dword ptr fs:[00000030h]	5_2_017C3B5A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3B5A mov eax, dword ptr fs:[00000030h]	5_2_017C3B5A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851BA8 mov eax, dword ptr fs:[00000030h]	5_2_01851BA8
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868BB6 mov eax, dword ptr fs:[00000030h]	5_2_01868BB6
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01869BBE mov eax, dword ptr fs:[00000030h]	5_2_01869BBE
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179DB40 mov eax, dword ptr fs:[00000030h]	5_2_0179DB40
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018153CA mov eax, dword ptr fs:[00000030h]	5_2_018153CA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018153CA mov eax, dword ptr fs:[00000030h]	5_2_018153CA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018423E3 mov ecx, dword ptr fs:[00000030h]	5_2_018423E3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018423E3 mov ecx, dword ptr fs:[00000030h]	5_2_018423E3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018423E3 mov eax, dword ptr fs:[00000030h]	5_2_018423E3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA309 mov eax, dword ptr fs:[00000030h]	5_2_017BA309
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01791BE9 mov eax, dword ptr fs:[00000030h]	5_2_01791BE9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BDBE9 mov eax, dword ptr fs:[00000030h]	5_2_017BDBE9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185131B mov eax, dword ptr fs:[00000030h]	5_2_0185131B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C03E2 mov eax, dword ptr fs:[00000030h]	5_2_017C03E2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C53C5 mov eax, dword ptr fs:[00000030h]	5_2_017C53C5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4BAD mov eax, dword ptr fs:[00000030h]	5_2_017C4BAD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4BAD mov eax, dword ptr fs:[00000030h]	5_2_017C4BAD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4BAD mov eax, dword ptr fs:[00000030h]	5_2_017C4BAD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868B58 mov eax, dword ptr fs:[00000030h]	5_2_01868B58
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BEB9A mov eax, dword ptr fs:[00000030h]	5_2_017BEB9A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BEB9A mov eax, dword ptr fs:[00000030h]	5_2_017BEB9A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01826365 mov eax, dword ptr fs:[00000030h]	5_2_01826365
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01826365 mov eax, dword ptr fs:[00000030h]	5_2_01826365
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01826365 mov eax, dword ptr fs:[00000030h]	5_2_01826365
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2397 mov eax, dword ptr fs:[00000030h]	5_2_017C2397
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CB390 mov eax, dword ptr fs:[00000030h]	5_2_017CB390
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01794B94 mov edi, dword ptr fs:[00000030h]	5_2_01794B94
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A1B8F mov eax, dword ptr fs:[00000030h]	5_2_017A1B8F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A1B8F mov eax, dword ptr fs:[00000030h]	5_2_017A1B8F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C138B mov eax, dword ptr fs:[00000030h]	5_2_017C138B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C138B mov eax, dword ptr fs:[00000030h]	5_2_017C138B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C138B mov eax, dword ptr fs:[00000030h]	5_2_017C138B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D927A mov eax, dword ptr fs:[00000030h]	5_2_017D927A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D5A69 mov eax, dword ptr fs:[00000030h]	5_2_017D5A69
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D5A69 mov eax, dword ptr fs:[00000030h]	5_2_017D5A69
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D5A69 mov eax, dword ptr fs:[00000030h]	5_2_017D5A69
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185129A mov eax, dword ptr fs:[00000030h]	5_2_0185129A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799240 mov eax, dword ptr fs:[00000030h]	5_2_01799240
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799240 mov eax, dword ptr fs:[00000030h]	5_2_01799240
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799240 mov eax, dword ptr fs:[00000030h]	5_2_01799240
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01799240 mov eax, dword ptr fs:[00000030h]	5_2_01799240
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01798239 mov eax, dword ptr fs:[00000030h]	5_2_01798239
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01798239 mov eax, dword ptr fs:[00000030h]	5_2_01798239
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01798239 mov eax, dword ptr fs:[00000030h]	5_2_01798239
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB236 mov eax, dword ptr fs:[00000030h]	5_2_017BB236
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D4A2C mov eax, dword ptr fs:[00000030h]	5_2_017D4A2C
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D4A2C mov eax, dword ptr fs:[00000030h]	5_2_017D4A2C
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BA229 mov eax, dword ptr fs:[00000030h]	5_2_017BA229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01794A20 mov eax, dword ptr fs:[00000030h]	5_2_01794A20
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01794A20 mov eax, dword ptr fs:[00000030h]	5_2_01794A20
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868ADD mov eax, dword ptr fs:[00000030h]	5_2_01868ADD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B3A1C mov eax, dword ptr fs:[00000030h]	5_2_017B3A1C
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795210 mov eax, dword ptr fs:[00000030h]	5_2_01795210
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795210 mov ecx, dword ptr fs:[00000030h]	5_2_01795210
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795210 mov eax, dword ptr fs:[00000030h]	5_2_01795210
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795210 mov eax, dword ptr fs:[00000030h]	5_2_01795210
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854AEF mov eax, dword ptr fs:[00000030h]	5_2_01854AEF
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179AA16 mov eax, dword ptr fs:[00000030h]	5_2_0179AA16
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179AA16 mov eax, dword ptr fs:[00000030h]	5_2_0179AA16
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A8A0A mov eax, dword ptr fs:[00000030h]	5_2_017A8A0A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov ecx, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017ABA00 mov eax, dword ptr fs:[00000030h]	5_2_017ABA00
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185AA16 mov eax, dword ptr fs:[00000030h]	5_2_0185AA16
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185AA16 mov eax, dword ptr fs:[00000030h]	5_2_0185AA16
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2AE4 mov eax, dword ptr fs:[00000030h]	5_2_017C2AE4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851229 mov eax, dword ptr fs:[00000030h]	5_2_01851229
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017912D4 mov eax, dword ptr fs:[00000030h]	5_2_017912D4
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01793ACA mov eax, dword ptr fs:[00000030h]	5_2_01793ACA
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2ACB mov eax, dword ptr fs:[00000030h]	5_2_017C2ACB
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795AC0 mov eax, dword ptr fs:[00000030h]	5_2_01795AC0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795AC0 mov eax, dword ptr fs:[00000030h]	5_2_01795AC0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01795AC0 mov eax, dword ptr fs:[00000030h]	5_2_01795AC0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C12BD mov esi, dword ptr fs:[00000030h]	5_2_017C12BD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C12BD mov eax, dword ptr fs:[00000030h]	5_2_017C12BD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C12BD mov eax, dword ptr fs:[00000030h]	5_2_017C12BD
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AAAB0 mov eax, dword ptr fs:[00000030h]	5_2_017AAAB0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AAAB0 mov eax, dword ptr fs:[00000030h]	5_2_017AAAB0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01855A4F mov eax, dword ptr fs:[00000030h]	5_2_01855A4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01855A4F mov eax, dword ptr fs:[00000030h]	5_2_01855A4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01855A4F mov eax, dword ptr fs:[00000030h]	5_2_01855A4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01855A4F mov eax, dword ptr fs:[00000030h]	5_2_01855A4F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CFAB0 mov eax, dword ptr fs:[00000030h]	5_2_017CFAB0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185EA55 mov eax, dword ptr fs:[00000030h]	5_2_0185EA55
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01824257 mov eax, dword ptr fs:[00000030h]	5_2_01824257
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01791AA0 mov eax, dword ptr fs:[00000030h]	5_2_01791AA0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01851A5F mov eax, dword ptr fs:[00000030h]	5_2_01851A5F
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A62A0 mov eax, dword ptr fs:[00000030h]	5_2_017A62A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A62A0 mov eax, dword ptr fs:[00000030h]	5_2_017A62A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A62A0 mov eax, dword ptr fs:[00000030h]	5_2_017A62A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A62A0 mov eax, dword ptr fs:[00000030h]	5_2_017A62A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017952A5 mov eax, dword ptr fs:[00000030h]	5_2_017952A5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017952A5 mov eax, dword ptr fs:[00000030h]	5_2_017952A5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017952A5 mov eax, dword ptr fs:[00000030h]	5_2_017952A5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017952A5 mov eax, dword ptr fs:[00000030h]	5_2_017952A5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017952A5 mov eax, dword ptr fs:[00000030h]	5_2_017952A5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C5AA0 mov eax, dword ptr fs:[00000030h]	5_2_017C5AA0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C5AA0 mov eax, dword ptr fs:[00000030h]	5_2_017C5AA0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0184B260 mov eax, dword ptr fs:[00000030h]	5_2_0184B260
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0184B260 mov eax, dword ptr fs:[00000030h]	5_2_0184B260
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868A62 mov eax, dword ptr fs:[00000030h]	5_2_01868A62
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CD294 mov eax, dword ptr fs:[00000030h]	5_2_017CD294
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CD294 mov eax, dword ptr fs:[00000030h]	5_2_017CD294
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CDA88 mov eax, dword ptr fs:[00000030h]	5_2_017CDA88
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CDA88 mov eax, dword ptr fs:[00000030h]	5_2_017CDA88
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185B581 mov eax, dword ptr fs:[00000030h]	5_2_0185B581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185B581 mov eax, dword ptr fs:[00000030h]	5_2_0185B581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185B581 mov eax, dword ptr fs:[00000030h]	5_2_0185B581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185B581 mov eax, dword ptr fs:[00000030h]	5_2_0185B581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01852D82 mov eax, dword ptr fs:[00000030h]	5_2_01852D82
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BC577 mov eax, dword ptr fs:[00000030h]	5_2_017BC577
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BC577 mov eax, dword ptr fs:[00000030h]	5_2_017BC577
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B8D76 mov eax, dword ptr fs:[00000030h]	5_2_017B8D76
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B8D76 mov eax, dword ptr fs:[00000030h]	5_2_017B8D76
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B8D76 mov eax, dword ptr fs:[00000030h]	5_2_017B8D76
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B8D76 mov eax, dword ptr fs:[00000030h]	5_2_017B8D76
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B8D76 mov eax, dword ptr fs:[00000030h]	5_2_017B8D76
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018605AC mov eax, dword ptr fs:[00000030h]	5_2_018605AC
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018605AC mov eax, dword ptr fs:[00000030h]	5_2_018605AC
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B7D50 mov eax, dword ptr fs:[00000030h]	5_2_017B7D50
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D4D51 mov eax, dword ptr fs:[00000030h]	5_2_017D4D51
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D4D51 mov eax, dword ptr fs:[00000030h]	5_2_017D4D51
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179354C mov eax, dword ptr fs:[00000030h]	5_2_0179354C
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179354C mov eax, dword ptr fs:[00000030h]	5_2_0179354C
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D3D43 mov eax, dword ptr fs:[00000030h]	5_2_017D3D43
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4D3B mov eax, dword ptr fs:[00000030h]	5_2_017C4D3B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4D3B mov eax, dword ptr fs:[00000030h]	5_2_017C4D3B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C4D3B mov eax, dword ptr fs:[00000030h]	5_2_017C4D3B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov eax, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov eax, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov eax, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov ecx, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov eax, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01816DC9 mov eax, dword ptr fs:[00000030h]	5_2_01816DC9
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179AD30 mov eax, dword ptr fs:[00000030h]	5_2_0179AD30
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017A3D34 mov eax, dword ptr fs:[00000030h]	5_2_017A3D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0184FDD3 mov eax, dword ptr fs:[00000030h]	5_2_0184FDD3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF527 mov eax, dword ptr fs:[00000030h]	5_2_017CF527
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF527 mov eax, dword ptr fs:[00000030h]	5_2_017CF527
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CF527 mov eax, dword ptr fs:[00000030h]	5_2_017CF527
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179751A mov eax, dword ptr fs:[00000030h]	5_2_0179751A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179751A mov eax, dword ptr fs:[00000030h]	5_2_0179751A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179751A mov eax, dword ptr fs:[00000030h]	5_2_0179751A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0179751A mov eax, dword ptr fs:[00000030h]	5_2_0179751A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185FDE2 mov eax, dword ptr fs:[00000030h]	5_2_0185FDE2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185FDE2 mov eax, dword ptr fs:[00000030h]	5_2_0185FDE2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185FDE2 mov eax, dword ptr fs:[00000030h]	5_2_0185FDE2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185FDE2 mov eax, dword ptr fs:[00000030h]	5_2_0185FDE2
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01848DF1 mov eax, dword ptr fs:[00000030h]	5_2_01848DF1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0183CD04 mov eax, dword ptr fs:[00000030h]	5_2_0183CD04
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017995F0 mov eax, dword ptr fs:[00000030h]	5_2_017995F0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017995F0 mov ecx, dword ptr fs:[00000030h]	5_2_017995F0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C95EC mov eax, dword ptr fs:[00000030h]	5_2_017C95EC
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AD5E0 mov eax, dword ptr fs:[00000030h]	5_2_017AD5E0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AD5E0 mov eax, dword ptr fs:[00000030h]	5_2_017AD5E0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01853518 mov eax, dword ptr fs:[00000030h]	5_2_01853518
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01853518 mov eax, dword ptr fs:[00000030h]	5_2_01853518
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01853518 mov eax, dword ptr fs:[00000030h]	5_2_01853518
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01868D34 mov eax, dword ptr fs:[00000030h]	5_2_01868D34
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0181A537 mov eax, dword ptr fs:[00000030h]	5_2_0181A537
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017915C1 mov eax, dword ptr fs:[00000030h]	5_2_017915C1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_0185E539 mov eax, dword ptr fs:[00000030h]	5_2_0185E539
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01813540 mov eax, dword ptr fs:[00000030h]	5_2_01813540
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01848D47 mov eax, dword ptr fs:[00000030h]	5_2_01848D47
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01843D40 mov eax, dword ptr fs:[00000030h]	5_2_01843D40
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C1DB5 mov eax, dword ptr fs:[00000030h]	5_2_017C1DB5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C1DB5 mov eax, dword ptr fs:[00000030h]	5_2_017C1DB5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C1DB5 mov eax, dword ptr fs:[00000030h]	5_2_017C1DB5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C65A0 mov eax, dword ptr fs:[00000030h]	5_2_017C65A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C65A0 mov eax, dword ptr fs:[00000030h]	5_2_017C65A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C65A0 mov eax, dword ptr fs:[00000030h]	5_2_017C65A0
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C35A1 mov eax, dword ptr fs:[00000030h]	5_2_017C35A1
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CFD9B mov eax, dword ptr fs:[00000030h]	5_2_017CFD9B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CFD9B mov eax, dword ptr fs:[00000030h]	5_2_017CFD9B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01793591 mov eax, dword ptr fs:[00000030h]	5_2_01793591
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01792D8A mov eax, dword ptr fs:[00000030h]	5_2_01792D8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01792D8A mov eax, dword ptr fs:[00000030h]	5_2_01792D8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01792D8A mov eax, dword ptr fs:[00000030h]	5_2_01792D8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01792D8A mov eax, dword ptr fs:[00000030h]	5_2_01792D8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01792D8A mov eax, dword ptr fs:[00000030h]	5_2_01792D8A
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2581 mov eax, dword ptr fs:[00000030h]	5_2_017C2581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2581 mov eax, dword ptr fs:[00000030h]	5_2_017C2581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2581 mov eax, dword ptr fs:[00000030h]	5_2_017C2581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C2581 mov eax, dword ptr fs:[00000030h]	5_2_017C2581
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CAC7B mov eax, dword ptr fs:[00000030h]	5_2_017CAC7B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017BB477 mov eax, dword ptr fs:[00000030h]	5_2_017BB477
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017D5C70 mov eax, dword ptr fs:[00000030h]	5_2_017D5C70
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01854496 mov eax, dword ptr fs:[00000030h]	5_2_01854496
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B746D mov eax, dword ptr fs:[00000030h]	5_2_017B746D
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01869CB3 mov eax, dword ptr fs:[00000030h]	5_2_01869CB3
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017CA44B mov eax, dword ptr fs:[00000030h]	5_2_017CA44B
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018264B5 mov eax, dword ptr fs:[00000030h]	5_2_018264B5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_018264B5 mov eax, dword ptr fs:[00000030h]	5_2_018264B5
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_01794439 mov eax, dword ptr fs:[00000030h]	5_2_01794439
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3C3E mov eax, dword ptr fs:[00000030h]	5_2_017C3C3E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3C3E mov eax, dword ptr fs:[00000030h]	5_2_017C3C3E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017C3C3E mov eax, dword ptr fs:[00000030h]	5_2_017C3C3E
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB433 mov eax, dword ptr fs:[00000030h]	5_2_017AB433
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB433 mov eax, dword ptr fs:[00000030h]	5_2_017AB433
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017AB433 mov eax, dword ptr fs:[00000030h]	5_2_017AB433
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Code function: 5_2_017B2430 mov eax, dword ptr fs:[00000030h]	5_2_017B2430

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Process created: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe {path}	Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Queries volume information: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection11	Masquerading1	OS Credential Dumping	Security Software Discovery221	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Disable or Modify Tools1	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion31	Security Account Manager	Virtualization/Sandbox Evasion31	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection11	NTDS	System Information Discovery112	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information3	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Software Packing3	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Timestomp1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	27%	Virustotal		Browse
#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.Woreflint
#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
5.2.#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
www.visitmatchgo.com/duy/	7%	Virustotal		Browse
www.visitmatchgo.com/duy/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
www.visitmatchgo.com/duy/	true	7%, Virustotal, Browse Avira URL Cloud: safe	low

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	385277
Start date:	12.04.2021
Start time:	09:30:08
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@7/1@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 1% (good quality ratio 1%) Quality average: 82% Quality standard deviation: 24.9%
HCA Information:	Successful, ratio: 100% Number of executed functions: 26 Number of non-executed functions: 224
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Stop behavior analysis, all processes terminated
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe

Simulations

Behavior and APIs

Time	Type	Description
09:30:58	API Interceptor	1x Sleep call for process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe.log Download File
Process:	C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.355304211458859
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5:	FED34146BF2F2FA59DCF8702FCC8232E
SHA1:	B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256:	123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512:	1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.88721653299409
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
File size:	698880
MD5:	525cb22afe0244e45b2831b243b27a68
SHA1:	df33a4a91f50e49ee7c3283b1022024fca7ceade
SHA256:	bcbdc1722d82cfdd00d6748654937dd6e79b81661df159ea9387d61f3ed38034
SHA512:	369ccf65d7a03a981c13a223e67ae02665cfd41fdacfbb9c5ab300c61556d0161938e8baa32631da7425e14ac344c0e34bd71b56dcc59e33703b625d20b72d01
SSDEEP:	12288:eUA8Dpprq/7mz98ARu519pEpCPXD3XkeXxSHnob0agtjty2PouxcM1:eUA8iy5NO1YGnzQZnyIL
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J................0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x4abf1e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0xDE084AFD [Fri Jan 16 09:57:17 2088 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xabecc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xac000	0x5f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xae000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xabeb0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa9f24	0xaa000	False	0.903818646599	data	7.89372694825	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xac000	0x5f8	0x600	False	0.438802083333	data	4.22543998316	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xae000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xac090	0x366	data
RT_MANIFEST	0xac408	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright Integra Wealth
Assembly Version	1.8.9.10
InternalName	u4tB.exe
FileVersion	1.9.1.0
CompanyName	Integra Wealth
LegalTrademarks
Comments
ProductName	ReplacementFallback
ProductVersion	1.9.1.0
FileDescription	ReplacementFallback
OriginalFilename	u4tB.exe

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6476 Parent PID: 5964

General

Start time:	09:30:57
Start date:	12/04/2021
Path:	C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe'
Imagebase:	0xd50000
File size:	698880 bytes
MD5 hash:	525CB22AFE0244E45B2831B243B27A68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.338606384.0000000004249000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6616 Parent PID: 6476

General

Start time:	09:31:01
Start date:	12/04/2021
Path:	C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x2a0000
File size:	698880 bytes
MD5 hash:	525CB22AFE0244E45B2831B243B27A68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6632 Parent PID: 6476

General

Start time:	09:31:01
Start date:	12/04/2021
Path:	C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x1d0000
File size:	698880 bytes
MD5 hash:	525CB22AFE0244E45B2831B243B27A68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6644 Parent PID: 6476

General

Start time:	09:31:02
Start date:	12/04/2021
Path:	C:\Users\user\Desktop\#Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xbe0000
File size:	698880 bytes
MD5 hash:	525CB22AFE0244E45B2831B243B27A68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6476 Parent PID: 5964 #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exeCOMMON

Executed Functions

Function 016AE5A0, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca38fd937fbfff68cfaeec7e62acc8cccf5a373ed82a22edc6f308c2008f1654
Instruction ID: a43fb441638adcc75428ff9b33a3b66c1559156dc8ca1755de273b888d80bda0
Opcode Fuzzy Hash: ca38fd937fbfff68cfaeec7e62acc8cccf5a373ed82a22edc6f308c2008f1654
Instruction Fuzzy Hash: CEC14DB1A117468FDB34DF6AF8881897BB1FB85328F504308D1616BAD8D7B4764ACF84

Uniqueness

Uniqueness Score: -1.00%

Function 016AB6C1, Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 016AB730
GetCurrentThread.KERNEL32 ref: 016AB76D
GetCurrentProcess.KERNEL32 ref: 016AB7AA
GetCurrentThreadId.KERNEL32 ref: 016AB803

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 018f947a6f0448e7dfbc86c2f0d0cca098db6545d0893b907634aca7b0354294
Instruction ID: fd92825e91879e38683866a373d26a34d53b01ffb2537bb2b32a8f73b997bf36
Opcode Fuzzy Hash: 018f947a6f0448e7dfbc86c2f0d0cca098db6545d0893b907634aca7b0354294
Instruction Fuzzy Hash: 195153B09006498FEB24CFA9D948BAEBFF0BF49314F248059E119A7350D774A988CF65

Uniqueness

Uniqueness Score: -1.00%

Function 016AB6D0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 016AB730
GetCurrentThread.KERNEL32 ref: 016AB76D
GetCurrentProcess.KERNEL32 ref: 016AB7AA
GetCurrentThreadId.KERNEL32 ref: 016AB803

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 55c7b4f8a6f8cdc52b4e0eb60a9b90e7ec53d19433e58ac0da85dacc4ba7de1e
Instruction ID: a7a3853217a2def35fb850c4b29414cdd5f577774b07f453da1252cb997243dc
Opcode Fuzzy Hash: 55c7b4f8a6f8cdc52b4e0eb60a9b90e7ec53d19433e58ac0da85dacc4ba7de1e
Instruction Fuzzy Hash: FA5154B09006498FEB24CFA9D948BAEBBF0FF49314F248459E119A7350D774A984CF65

Uniqueness

Uniqueness Score: -1.00%

Function 016AFD2C, Relevance: 1.6, APIs: 1, Instructions: 117COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 016AFE4A

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: bb4fb5b61acdbe3ae2db77dad159b83828ea4001b39d029f6594f2c936cb6451
Instruction ID: 0aa5530bc2d869ad6e846ab0f3565faf3f9284fc593f80b02d38e6f136414ab8
Opcode Fuzzy Hash: bb4fb5b61acdbe3ae2db77dad159b83828ea4001b39d029f6594f2c936cb6451
Instruction Fuzzy Hash: 7151EEB1D00209AFDB14CFA9C884ADEBBB5BF88314F24856AE919AB210D7719845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 016AFD38, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 016AFE4A

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: fab4faff41d02cdf767ad5e93a2b166251fded4770299e0b602bab850d02f280
Instruction ID: b378d36180abab0c797b718f96159ad41bc67dc36fddb9bac6314e43cdf63b61
Opcode Fuzzy Hash: fab4faff41d02cdf767ad5e93a2b166251fded4770299e0b602bab850d02f280
Instruction Fuzzy Hash: 2841DFB1D00309AFDB14CF99C884ADEBBB5BF88310F64852AE519AB210D7709845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 016A5365, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 016A5421

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: de30f6148a2a06ef56c1e8e2b8cb7c26a7bb11bd6e0fcdba84f3598432c1ce1d
Instruction ID: 2ee02fded9ac8db6e91a4579d9e3d9462e1983e409bb917c89d2b4944e4d440b
Opcode Fuzzy Hash: de30f6148a2a06ef56c1e8e2b8cb7c26a7bb11bd6e0fcdba84f3598432c1ce1d
Instruction Fuzzy Hash: 17410471D00628CFDB24DFA9C8847CEBBB5FF49308F208069D509AB251DB756946CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 016A3DE8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 016A5421

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 909ccb06d00c49b3e3777142926ffa8341d3bd1124fb656efeb4bf7a6a7224ac
Instruction ID: ce3cac0d8e90474e8d27518d116e9329c456e9254b63ea15e1e0ad7008fb7b43
Opcode Fuzzy Hash: 909ccb06d00c49b3e3777142926ffa8341d3bd1124fb656efeb4bf7a6a7224ac
Instruction Fuzzy Hash: 88410370D04628CFDB24DFA9C8847CEBBB5FF48304F608069D509AB251DB75694ACFA0

Uniqueness

Uniqueness Score: -1.00%

Function 016AB8F0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016AB97F

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 40067236668f89c895e502329e3a02c0bada5af29fdbe0627f6769501418c1f2
Instruction ID: f0e85afb63d04abab2285981cf42a2e7f85b706498d355d61d3a6b25ac7ddf82
Opcode Fuzzy Hash: 40067236668f89c895e502329e3a02c0bada5af29fdbe0627f6769501418c1f2
Instruction Fuzzy Hash: FC21E3B5900358AFDB10CFA9D884ADEBFF8FB49324F14845AE954A7310D374A944DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 016AB8F8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016AB97F

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2112e9fd8d208bac368ec800675de078cdc06ce5b9608fe18a8648d7f3c01e6b
Instruction ID: df4b074857eca30b454063dec0aec382243919d2916fbdb77c6ac95afc6940e5
Opcode Fuzzy Hash: 2112e9fd8d208bac368ec800675de078cdc06ce5b9608fe18a8648d7f3c01e6b
Instruction Fuzzy Hash: 1221D5B5D002189FDB10CFA9D884ADEFBF8FB48324F14841AE954A7310D374A954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 016A9478, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016A9951,00000800,00000000,00000000), ref: 016A9B62

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 008ce00d2ce7c6e760c8bcf2a31f01d39db9fbab4963055dd16af42acae29452
Instruction ID: 4992aa90dfea87597774b2c04621765f3937e7352ce5aacd1b95419456d671d0
Opcode Fuzzy Hash: 008ce00d2ce7c6e760c8bcf2a31f01d39db9fbab4963055dd16af42acae29452
Instruction Fuzzy Hash: CF11E4B69003099FDB10DF9AC844ADEFBF8EB88724F54852EE515A7700C774A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 016A9AF0, Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016A9951,00000800,00000000,00000000), ref: 016A9B62

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 19f1cdb93086c632212fd4887961800fe955ca267750ba28ce9898783f696358
Instruction ID: fae5253a09ed4be4afd32c2b6c8e2ff5f6e6722443575ce51dd30525fb37ca0c
Opcode Fuzzy Hash: 19f1cdb93086c632212fd4887961800fe955ca267750ba28ce9898783f696358
Instruction Fuzzy Hash: D11103B29002098FDB10CFAAC844ADFFBF4AF88324F54852EE555A7210C375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 016A9869, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 016A98D6

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 14b92c35637ca2fc3d9a03c17905dc208a426faa59064f9e8864e4924630088d
Instruction ID: b94b17e86f365cc8c5277c7dbd72da077c1c3f330092a6c947f2147817951eaa
Opcode Fuzzy Hash: 14b92c35637ca2fc3d9a03c17905dc208a426faa59064f9e8864e4924630088d
Instruction Fuzzy Hash: 2611EFB1C006098FDB20CF9AD844ADEFBF4EF88324F15896AD469A7610C375A546CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 016A9870, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 016A98D6

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d2843eb27f780e8b52e163052dc77d0ee1b767617a3b0709efbadd6b6dfd4299
Instruction ID: fc981539208ef44729bb813101779774d93d7e0c54b2f752baa982c6438de75d
Opcode Fuzzy Hash: d2843eb27f780e8b52e163052dc77d0ee1b767617a3b0709efbadd6b6dfd4299
Instruction Fuzzy Hash: 611102B1C002098FDB10CF9AC844ADEFBF8EB88324F15842AD419A7700C374A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00D5A448, Relevance: .6, Instructions: 607
COMMONCrypto

Download Yara Rule

C-Code - Quality: 67%

			E00D5A448(intOrPtr* __eax, intOrPtr* __ebx, signed int __ecx, signed char __edx, signed int __edi, signed int __esi) {
				intOrPtr* _t234;
				signed char _t235;
				signed char _t236;
				signed int _t237;
				signed int _t238;
				signed char _t239;
				signed int _t240;
				signed char _t241;
				signed int _t244;
				signed int _t246;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed int _t254;
				signed int _t255;
				intOrPtr* _t257;
				intOrPtr* _t258;
				void* _t260;
				intOrPtr* _t262;
				signed int* _t264;
				intOrPtr* _t265;
				signed int _t266;
				signed int _t267;
				void* _t269;
				void* _t270;
				intOrPtr* _t272;
				intOrPtr* _t273;
				signed int* _t275;
				signed int* _t277;
				intOrPtr* _t278;
				signed char _t279;
				signed int _t281;
				signed char _t282;
				signed char _t283;
				intOrPtr* _t286;
				signed char _t289;
				signed char _t291;
				signed char _t293;
				signed char _t294;
				signed char _t295;
				signed char _t296;
				signed char _t298;
				signed int _t305;
				signed int _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				intOrPtr* _t310;
				intOrPtr* _t311;
				void* _t313;
				void* _t314;
				void* _t316;
				void* _t318;
				signed int _t321;
				signed char _t322;
				signed char _t323;
				signed char _t324;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed char _t330;
				signed char _t331;
				signed char _t332;
				void* _t333;
				void* _t334;
				signed char _t336;
				intOrPtr* _t338;
				intOrPtr* _t339;
				void* _t340;
				signed int* _t341;
				signed char _t342;
				signed int _t344;
				signed int _t345;
				void* _t347;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				void* _t352;
				signed int _t353;
				signed int _t354;
				intOrPtr _t385;
				signed int _t386;
				intOrPtr _t387;
				intOrPtr _t389;
				void* _t390;
				signed int _t391;

				_t345 = __esi;
				_t344 = __edi;
				_t322 = __edx;
				_t286 = __ebx;
				_t352 = _t347;
				_pop(_t348);
				 *__eax =  *__eax + __eax;
				_t234 = __eax + 0x6f;
				 *_t234 = 0;
				_t298 = __ecx |  *__edx;
				_push(es);
				if(_t298 != 0) {
					 *_t234 =  *_t234 + _t234;
					 *__ebx =  *__ebx + _t298;
					_pop(es);
					_t281 = _t234 -  *_t234 -  *((intOrPtr*)(_t234 -  *_t234));
					 *_t281 =  *_t281 + _t281;
					asm("adc esi, [eax]");
					 *_t281 =  *_t281 + _t281;
					_t282 = _t281 |  *_t281;
					 *_t282 =  *_t282 + _t282;
					_t283 = _t282 & 0x00000000;
					 *_t298 =  *_t298 + __edx;
					 *((intOrPtr*)(__esi - 0x36)) =  *((intOrPtr*)(__esi - 0x36)) + __ebx;
					 *_t283 =  *_t283 + _t283;
					do {
						_push(es);
						_t283 = _t283 + 0xa -  *((intOrPtr*)(_t283 + 0xa)) -  *__edx;
						_t298 = _t298 +  *_t283;
						 *_t283 = 0x2a000a00;
						_push(__esi);
					} while (_t298 >= 0);
					 *_t283 =  *_t283 + _t283;
					_push(es);
				}
				_t235 = _t234 - _t298;
				 *_t235 =  *_t235 + _t235;
				_t323 = _t322 |  *(_t322 + _t286);
				 *_t323 =  *_t323 + _t235;
				_t324 = _t323;
				 *((intOrPtr*)(_t324 + _t348)) =  *((intOrPtr*)(_t324 + _t348)) + _t235;
				 *_t235 =  *_t235 + _t235;
				_push(_t286);
				_t327 = _t324 + 1 - 1 + 1;
				 *_t235 =  *_t235 + _t235;
				 *_t235 =  *_t235 + _t235;
				 *_t235 =  *_t235 + _t235;
				 *_t235 =  *_t235 + _t235;
				_t236 = _t235;
				 *_t236 =  *_t236 + _t236;
				if( *_t236 <= 0) {
					L7:
					 *_t236 =  *_t236 + _t236;
					_t328 = _t327 &  *(_t348 + 0x53);
					 *((intOrPtr*)(_t236 + 0x10000067)) =  *((intOrPtr*)(_t236 + 0x10000067)) + _t328;
					 *_t236 =  *_t236 + _t236;
					 *_t286 =  *_t286 + _t236;
					_t344 = _t344 + 1;
					_push(_t348);
					_t298 = _t298 - 1;
					_t352 = _t352 + 1;
					 *_t236 =  *_t236 + _t236;
					_t237 = _t236 + _t236;
					_t18 = _t286 + _t345;
					 *_t18 =  *((intOrPtr*)(_t286 + _t345)) + _t237;
					if( *_t18 >= 0) {
						 *_t237 =  *_t237 + _t237;
						_t237 = _t237 &  *(_t328 + 0x6c);
						asm("outsd");
						asm("bound eax, [eax]");
					}
					 *_t237 =  *_t237 + _t237;
					 *_t237 =  *_t237 + _t237;
					 *_t237 =  *_t237 + _t237;
					 *_t328 =  *_t328 + _t237;
					 *_t237 =  *_t237 + _t237;
					 *((intOrPtr*)(_t344 + 0x15)) =  *((intOrPtr*)(_t344 + 0x15)) + _t328;
					 *0x10909 = _t237;
					 *_t237 =  *_t237 + _t237;
					asm("cli");
					 *_t286 =  *_t286 + _t345;
					 *_t345 =  *_t345 + _t328;
					 *_t237 =  *_t237 + _t237;
					 *_t237 =  *_t237 + _t237;
					 *_t237 =  *_t237 + _t237;
					 *((intOrPtr*)(_t286 + _t345)) =  *((intOrPtr*)(_t286 + _t345)) + _t237;
					 *_t328 =  *_t328 + _t286;
					 *_t237 =  *_t237 + _t237;
					_t329 = _t328 + _t298;
					 *_t237 =  *_t237 + _t237;
					 *_t237 =  *_t237 + _t237;
					_t286 = _t286 + _t298 + _t298;
					 *_t237 =  *_t237 + _t237;
					_t236 = _t237 + _t298;
					 *_t236 =  *_t236 + _t236;
					 *_t345 =  *_t345 + _t329;
					 *_t236 =  *_t236 + _t236;
				} else {
					 *[cs:esi] =  *[cs:esi] ^ _t298;
					_t345 = _t345 ^  *_t236 ^  *_t298;
					 *_t236 =  *_t236 + _t236;
					 *0x6c00 =  *0x6c00 + _t236;
					 *((intOrPtr*)(_t352 + 0x7e230000)) =  *((intOrPtr*)(_t352 + 0x7e230000)) + _t286;
					 *_t236 =  *_t236 + _t236;
					 *0x206c0000 =  *0x206c0000 - _t236;
					 *_t236 =  *_t236 + _t236;
					_t329 = _t327 &  *(_t286 + 0x74);
					if(_t329 >= 0) {
						asm("outsb");
						asm("a16 jae 0x3");
						 *_t236 =  *_t236 + _t236;
						 *((intOrPtr*)(_t348 + 0x221c0000 + _t236 * 2)) =  *((intOrPtr*)(_t348 + 0x221c0000 + _t236 * 2)) + _t329;
						goto L7;
					}
				}
				 *_t236 =  *_t236 + _t236;
				_t238 = _t236 & 0x00000000;
				 *_t238 =  *_t238 + _t238;
				_t239 = _t238 |  *_t238;
				 *_t239 =  *_t239 + _t239;
				 *_t239 =  *_t239 & _t239;
				 *_t239 =  *_t239 + _t239;
				 *_t239 =  *_t239 + _t239;
				 *_t298 =  *_t298 + _t239;
				 *_t239 =  *_t239 + _t239;
				 *0xf000000 =  *0xf000000 + _t239;
				 *_t239 =  *_t239 + _t239;
				 *_t239 =  *_t239 + _t239;
				 *((intOrPtr*)(_t286 + 0xc)) =  *((intOrPtr*)(_t286 + 0xc)) + _t286;
				 *_t239 =  *_t239 + _t239;
				 *_t239 =  *_t239 + _t239;
				 *_t239 =  *_t239 + _t239;
				_push(es);
				 *((intOrPtr*)(_t286 + 0x616fc0b)) =  *((intOrPtr*)(_t286 + 0x616fc0b)) + _t329;
				 *_t239 =  *_t239 + _t239;
				_t240 = _t239 | 0x000000fc;
				_push(ss);
				_push(es);
				 *((intOrPtr*)(_t345 + 0xf16ca0a)) =  *((intOrPtr*)(_t345 + 0xf16ca0a)) + _t298;
				 *((intOrPtr*)(_t345 + 0x6000019)) =  *((intOrPtr*)(_t345 + 0x6000019)) + _t298;
				_t305 = _t298 |  *(_t345 + 0x76000613) |  *(_t345 + 0x57000613) |  *(_t345 - 0x18fff9ed) |  *(_t345 - 0x4cfff9ed) |  *(_t345 - 0x33fff9ed) |  *(_t345 + 0x6000613) |  *(_t345 - 0x24fff9ed);
				_t289 = _t286 + _t298 | _t305;
				_push(ss);
				_push(es);
				 *((intOrPtr*)(_t329 + _t305 - 0x23)) =  *((intOrPtr*)(_t329 + _t305 - 0x23)) + _t305;
				_push(ss);
				_push(es);
				 *_t329 =  *_t329 + _t289;
				_t306 = _t305 |  *(_t345 + 0x21000613);
				_t349 = _t348 |  *(_t348 + 0x3c00060c);
				asm("sbb al, 0x35");
				asm("adc [edx], ecx");
				_t330 = _t329 + _t240;
				asm("adc cl, al");
				asm("sbb cl, [edx]");
				 *((intOrPtr*)(_t345 + 0x11)) =  *((intOrPtr*)(_t345 + 0x11)) + _t240;
				asm("rcr dword [edx], 0xe");
				_t48 = _t240 + 0x16;
				 *_t48 =  *((intOrPtr*)(_t240 + 0x16)) + _t306;
				if( *_t48 == 0) {
					_t240 = _t240 |  *_t240;
					_t330 =  *_t240 * 0xa1ac1;
					asm("sbb bl, [edi]");
					asm("rcr dword [edx], 0xa");
					 *((intOrPtr*)(_t349 + 0x14)) =  *((intOrPtr*)(_t349 + 0x14)) + _t330;
				}
				asm("rcr dword [edx], 0xa");
				 *((intOrPtr*)(_t330 + 0x15)) =  *((intOrPtr*)(_t330 + 0x15)) + _t240;
				asm("rcr dword [edx], 0x6");
				 *((intOrPtr*)(_t289 + 0x1a)) =  *((intOrPtr*)(_t289 + 0x1a)) + _t289;
				_t241 = _t240 ^ 0x49001211;
				asm("adc al, 0x85");
				asm("sbb eax, 0x5420012");
				if(( *0x1a3b000e & _t289) == 0) {
					_t279 = _t241 |  *_t241;
					_t344 = 0x61ac11c;
					 *((intOrPtr*)(_t330 + 0x6171c15)) =  *((intOrPtr*)(_t330 + 0x6171c15)) + _t279;
					_t241 = _t279 + _t289;
					asm("sbb eax, 0x61b12");
				}
				asm("adc bl, [ebx]");
				_push(es);
				 *0x6138e20 =  *0x6138e20 + _t241;
				 *_t345 =  *_t345 + _t330;
				 *0x80000611 =  *0x80000611 | _t345;
				asm("adc al, 0x8e");
				asm("adc eax, [esi]");
				 *_t345 =  *_t345 + _t289;
				_t331 = _t330 |  *0x41000a11;
				_push(ds);
				asm("rcr dword [edx], 0xa");
				 *((intOrPtr*)(_t331 + 0xa1ac106)) =  *((intOrPtr*)(_t331 + 0xa1ac106)) + _t306;
				 *((intOrPtr*)(_t289 + _t331)) =  *((intOrPtr*)(_t289 + _t331)) + _t241;
				asm("rcr dword [edx], 0xa");
				_t307 = _t306 + _t241;
				asm("adc ecx, eax");
				asm("sbb al, [esi]");
				 *_t307 =  *_t307 + _t331;
				 *_t241 =  *_t241 + _t307;
				_t332 = _t331 +  *_t331;
				 *((intOrPtr*)(_t345 + 0x15)) =  *((intOrPtr*)(_t345 + 0x15)) + _t241;
				asm("rcr dword [edx], 0x12");
				 *((intOrPtr*)(_t345 + 7)) =  *((intOrPtr*)(_t345 + 7)) + _t241;
				asm("adc eax, [edx]");
				_t308 = _t307 + _t332;
				 *0x11000a11 =  *0x11000a11 | _t332;
				ds = es;
				asm("rcr dword [edx], 0xe");
				 *((intOrPtr*)(_t332 + 0xa)) =  *((intOrPtr*)(_t332 + 0xa)) + _t289;
				 *_t345 =  *_t345 ^ _t332;
				_push(es);
				 *((intOrPtr*)(_t308 + 0x616ca0a)) =  *((intOrPtr*)(_t308 + 0x616ca0a)) + _t332;
				 *((intOrPtr*)(_t308 + 0xa)) =  *((intOrPtr*)(_t308 + 0xa)) + _t332;
				asm("cld");
				_push(ss);
				_push(es);
				 *((intOrPtr*)(_t289 + 0x16137914)) =  *((intOrPtr*)(_t289 + 0x16137914)) + _t308;
				 *((intOrPtr*)(_t345 + 0xe0df814)) =  *((intOrPtr*)(_t345 + 0xe0df814)) + _t289;
				 *_t332 =  *_t332 + _t241;
				_t333 = _t332 + _t241;
				_t291 = _t289 |  *(_t332 + 0x10) |  *(_t333 + 0x10);
				 *((intOrPtr*)(_t308 + 9)) =  *((intOrPtr*)(_t308 + 9)) + _t291;
				asm("adc ecx, [fs:edx]");
				_t309 = _t308 + _t333;
				asm("adc cl, al");
				asm("sbb cl, [edx]");
				_t334 = _t333 + _t333;
				asm("adc cl, al");
				asm("sbb cl, [edx]");
				 *_t345 =  *_t345 + _t241;
				ds = cs;
				asm("rcr dword [edx], 0xa");
				 *_t344 =  *_t344 + _t241;
				asm("sbb eax, 0x61ac1");
				asm("fisttp dword [esi+0x3c001211]");
				asm("adc al, 0x62");
				asm("adc al, 0x12");
				 *_t241 =  *_t241 + _t291;
				asm("aam 0x1d");
				es = cs;
				_t244 = _t241 + 0x00061462 ^ 0x19000800;
				_push(ss);
				if(_t244 == 0) {
					_push(cs);
					 *((intOrPtr*)(_t309 + 0x16107a0c)) =  *((intOrPtr*)(_t309 + 0x16107a0c)) + _t309;
					 *((intOrPtr*)(_t291 + 0x160df81d)) =  *((intOrPtr*)(_t291 + 0x160df81d)) + _t291;
					 *((intOrPtr*)(_t352 + _t309 + 0x60df8)) =  *((intOrPtr*)(_t352 + _t309 + 0x60df8)) + _t244;
				}
				asm("clc");
				_t246 = (_t244 | 0x16230006) ^ 0x00000e11;
				_push(ss);
				if(_t246 == 0) {
					_t246 = _t246 |  *_t246;
					_t345 = _t345 - 1;
					_t321 = _t309 | _t246;
					asm("sbb dl, [esi]");
					 *0xa0df802 =  *0xa0df802 + _t321;
					_t309 = _t321 + _t246;
					_push(es);
				}
				asm("rcr dword [edx], 0xdb");
				 *((intOrPtr*)(_t291 + 0x6000013)) =  *((intOrPtr*)(_t291 + 0x6000013)) + _t291;
				 *((intOrPtr*)(_t344 + _t246 + 0x35)) =  *((intOrPtr*)(_t344 + _t246 + 0x35)) + _t334;
				asm("adc [esi], eax");
				 *0x25000611 =  *0x25000611 + _t345;
				asm("sbb cl, [esi+0x77000613]");
				asm("adc eax, 0x6138e");
				asm("sbb esp, [eax]");
				_t248 = _t246 ^ 0xb000000;
				 *(_t345 - 0x64fff9ed) =  *(_t345 - 0x64fff9ed) | _t309;
				asm("sbb eax, 0xa1135");
				_t293 = _t291 +  *((intOrPtr*)(_t352 + _t309 + 0x11870006)) - 1;
				asm("adc eax, ecx");
				asm("sbb dl, [edx]");
				 *_t309 =  *_t309 + _t293;
				asm("adc eax, 0xa1462");
				_t336 = _t334 + _t246 &  *(_t309 + _t248 * 8);
				asm("sbb cl, [edx]");
				 *((intOrPtr*)(_t309 + 0x1e)) =  *((intOrPtr*)(_t309 + 0x1e)) + _t248;
				asm("rcr dword [edx], 0xa");
				 *((intOrPtr*)(_t248 + 0xa1ac113)) =  *((intOrPtr*)(_t248 + 0xa1ac113)) + _t248;
				 *((intOrPtr*)(_t248 + _t336 + 0xa1ac1)) =  *((intOrPtr*)(_t248 + _t336 + 0xa1ac1)) + _t293;
				asm("out dx, eax");
				_push(es);
				asm("rcr dword [edx], 0xa");
				asm("adc eax, ecx");
				asm("sbb cl, [edx]");
				_t338 = _t336 + _t248 + _t293;
				asm("adc ecx, eax");
				asm("sbb cl, [edx]");
				 *_t293 =  *_t293 + _t338;
				asm("rcr dword [edx], 0xa");
				 *_t344 =  *_t344 + _t248;
				asm("int 0x13");
				asm("adc eax, [edx]");
				asm("adc al, [eax]");
				asm("ficom dword [ecx]");
				asm("adc eax, [edx]");
				asm("adc al, [eax]");
				asm("adc [ebx+edx], dl");
				_t339 = _t338 +  *_t338;
				 *((intOrPtr*)(_t309 + 0x1e)) =  *((intOrPtr*)(_t309 + 0x1e)) + _t293;
				asm("adc eax, [edx]");
				 *((intOrPtr*)(_t344 + 0x11)) =  *((intOrPtr*)(_t344 + 0x11)) + _t339;
				_t250 = _t248 + 0x00121ac1 ^ 0xee000a11;
				asm("adc cl, al");
				asm("sbb dh, [ebx+0x13ff00]");
				 *_t339 =  *_t339 + _t309;
				 *((intOrPtr*)(_t344 + _t250 + 0x161ac1)) =  *((intOrPtr*)(_t344 + _t250 + 0x161ac1)) + _t293;
				asm("lds ebx, [0x160df8]");
				asm("clc");
				asm("clc");
				_t252 = _t250 | 0x1de7001e;
				asm("adc eax, [fs:eax]");
				 *_t252 =  *_t252 + _t252;
				_t253 = _t252 + _t309;
				 *_t253 =  *_t253 + _t253;
				 *_t253 =  *_t253 + _t253;
				 *_t309 =  *_t309 + _t253;
				 *_t309 =  *_t309 + _t253;
				 *_t253 =  *_t253 + _t253;
				 *_t253 =  *_t253 + _t339;
				 *_t309 =  *_t309 + _t293;
				es = es;
				 *_t309 =  *_t309 + _t253;
				 *_t253 =  *_t253 + _t253;
				 *_t253 =  *_t253 + _t339;
				 *((intOrPtr*)(_t345 + 0x410e3d1b)) =  *((intOrPtr*)(_t345 + 0x410e3d1b)) + _t253;
				 *_t309 =  *_t309 + _t309;
				 *_t293 =  *_t293 + _t253;
				 *_t253 =  *_t253 + _t253;
				 *_t253 =  *_t253 + _t339;
				 *_t345 =  *_t345 + _t293;
				_t254 = _t253 | 0x0000003d;
				_t310 = _t309 + 1;
				 *_t293 =  *_t293 + _t310;
				 *_t254 =  *_t254 + _t310;
				 *_t254 =  *_t254 + _t254;
				 *_t254 =  *_t254 + _t339;
				 *_t293 =  *_t293 + _t293;
				 *0xb00410e =  *0xb00410e & _t293;
				 *_t293 =  *_t293 + _t310;
				 *_t310 =  *_t310 + _t254;
				 *_t254 =  *_t254 + _t339;
				 *((intOrPtr*)(_t310 + _t339 + 0x490e3d)) =  *((intOrPtr*)(_t310 + _t339 + 0x490e3d)) + _t254;
				_t255 = _t254 | 0x01001000;
				 *_t255 =  *_t255 + _t339;
				 *((intOrPtr*)(_t344 + 0x11)) =  *((intOrPtr*)(_t344 + 0x11)) + _t293;
				 *_t339 =  *_t339 + _t293;
				 *_t310 =  *_t310 + _t255;
				 *_t255 =  *_t255 + _t339;
				 *((intOrPtr*)(_t344 + 0x11)) =  *((intOrPtr*)(_t344 + 0x11)) + _t293;
				 *_t293 =  *_t293 + _t255;
				 *_t310 =  *_t310 + _t255;
				 *_t255 =  *_t255 + _t339;
				 *_t255 =  *_t255 + _t255;
				 *0x1e00490e =  *0x1e00490e | _t344;
				 *_t344 =  *_t344 + _t255;
				 *((intOrPtr*)(_t255 - 0x5ffefff)) =  *((intOrPtr*)(_t255 - 0x5ffefff)) + _t255;
				asm("adc [0x2200410e], bh");
				 *_t310 =  *_t310 + _t339;
				 *_t255 =  *_t255 + _t255;
				 *_t255 =  *_t255 + _t339;
				 *((intOrPtr*)(_t349 + 0x1d)) =  *((intOrPtr*)(_t349 + 0x1d)) + _t339;
				 *_t339 =  *_t339 + _t339;
				 *_t255 =  *_t255 + _t255;
				 *_t255 =  *_t255 + _t339;
				 *((intOrPtr*)(_t293 + 0x410e3d1c)) =  *((intOrPtr*)(_t293 + 0x410e3d1c)) + _t293;
				 *_t339 =  *_t339 + _t310;
				 *_t293 =  *_t293 + _t255;
				 *_t255 =  *_t255 + _t255;
				asm("adc [eax], al");
				asm("fcom qword [0x410e3d]");
				_t257 = _t255 - 0xffffffffffffffff;
				 *_t310 =  *_t310 + _t257;
				 *_t257 =  *_t257 + _t339;
				 *((intOrPtr*)(_t345 + 0x450e3d11)) =  *((intOrPtr*)(_t345 + 0x450e3d11)) + _t339;
				 *_t310 =  *_t310 + _t339;
				 *((intOrPtr*)(_t257 + _t257 + 1)) =  *((intOrPtr*)(_t257 + _t257 + 1)) + _t339;
				 *_t257 =  *_t257 + _t339;
				 *((intOrPtr*)(_t293 + _t293 + 0x3d)) =  *((intOrPtr*)(_t293 + _t293 + 0x3d)) + _t293;
				 *_t293 =  *_t293 + _t293;
				 *((intOrPtr*)(_t257 + _t257 + 1)) =  *((intOrPtr*)(_t257 + _t257 + 1)) + _t293;
				 *_t257 =  *_t257 + _t339;
				_t340 = _t339 + _t293;
				 *0x4800450e =  *0x4800450e | _t293;
				 *_t310 =  *_t310 + _t310;
				 *_t257 =  *_t257 + _t257;
				asm("adc [eax], al");
				_t351 = _t349 + 1 - 1;
				 *((intOrPtr*)(_t257 + _t257 + 1)) =  *((intOrPtr*)(_t257 + _t257 + 1)) + _t340;
				 *_t257 =  *_t257 + _t340;
				_t341 = _t340 + _t310;
				asm("sbb edi, [0x6000450e]");
				 *((intOrPtr*)(_t257 + 0x10000100)) =  *((intOrPtr*)(_t257 + 0x10000100)) + _t310;
				 *((intOrPtr*)(_t293 + 0x1c)) =  *((intOrPtr*)(_t293 + 0x1c)) + _t257;
				 *((intOrPtr*)(_t293 + 0x10000100)) =  *((intOrPtr*)(_t293 + 0x10000100)) + _t293;
				_t341[0x11438f45] = _t341 + _t341[0x11438f45];
				 *((intOrPtr*)(_t310 + 0x100ad00)) =  *((intOrPtr*)(_t310 + 0x100ad00)) + _t341;
				 *_t257 =  *_t257 + _t341;
				_t294 = _t293 + _t310;
				ds = cs;
				 *((intOrPtr*)(_t344 + 0x10000100)) =  *((intOrPtr*)(_t344 + 0x10000100)) + _t294;
				 *_t310 =  *_t310 + _t341;
				asm("sbb edi, [0xac00450e]");
				_t311 = _t310 + _t310;
				 *_t257 =  *_t257 + _t257;
				 *_t257 =  *_t257 + _t341;
				 *((intOrPtr*)(_t345 + 0x410e3d16)) =  *((intOrPtr*)(_t345 + 0x410e3d16)) + _t311;
				 *((intOrPtr*)(_t351 + 0x100d900)) =  *((intOrPtr*)(_t351 + 0x100d900)) + _t294;
				 *_t257 =  *_t257 + _t341;
				 *_t257 =  *_t257 + _t341;
				_t258 = _t257 + _t257;
				 *_t258 =  *_t258 + _t258;
				 *_t258 =  *_t258 + _t341;
				 *_t294 =  *_t294 + _t258;
				ss = ds;
				asm("stosb");
				asm("sbb [ecx], eax");
				asm("enter 0xe800, 0x0");
				 *_t311 =  *_t311 + _t258;
				asm("adc [eax], al");
				_t295 = _t294 ^  *_t341;
				asm("stosb");
				asm("sbb ecx, edx");
				_t342 = _t341 + _t311;
				 *_t345 =  *_t345 + _t342;
				 *_t345 =  *_t345 + _t311 + _t311;
				asm("adc eax, 0x160453");
				asm("rcl byte [ecx], cl");
				 *((intOrPtr*)(_t344 + 0x14)) =  *((intOrPtr*)(_t344 + 0x14)) + _t342;
				_t313 = _t345;
				_t260 = _t258 + 0x2c;
				 *((intOrPtr*)(_t342 + _t260)) =  *((intOrPtr*)(_t342 + _t260)) + _t260;
				_t353 = cs;
				 *((intOrPtr*)(_t295 + 0x160460)) =  *((intOrPtr*)(_t295 + 0x160460)) + _t342;
				asm("fimul word [eax]");
				_t262 = _t260 + 0x2c;
				_t296 = _t295 + _t313;
				ds = ss;
				asm("adc [esp+eax+0x1], ebp");
				 *((intOrPtr*)(_t313 + 0x1045908)) =  *((intOrPtr*)(_t313 + 0x1045908)) + _t313;
				 *_t262 =  *_t262 + _t262;
				ds = 0xb6001604;
				_push(_t296);
				_t264 = _t262 + 1 + _t342;
				 *(_t313 + 4) =  *(_t313 + 4) | _t296;
				 *_t264 = _t264 +  *_t264;
				 *_t264 =  *_t264 | _t353;
				_push(_t296);
				_t265 =  &(_t264[0]);
				_t314 = _t313 + _t313;
				asm("sbb esi, [eax+0x4]");
				 *_t265 =  *_t265 + _t265;
				asm("wait");
				asm("adc [esp+eax+0x1], esi");
				_t184 = _t342 + 8;
				 *_t184 =  *((intOrPtr*)(_t342 + 8)) + _t342;
				if( *_t184 != 0) {
					 *_t265 =  *_t265 + _t265;
					 *0x10474 =  *0x10474 + 0x5e;
					_t385 =  *0x10474;
				}
				if(_t385 != 0) {
					 *_t265 =  *_t265 + _t265;
					_pop(_t345);
					_t186 = _t265 + 4;
					 *_t186 =  *(_t265 + 4) | _t296;
					_t386 =  *_t186;
				}
				if(_t386 >= 0) {
					 *_t265 =  *_t265 + _t265;
					_t387 =  *_t265;
					_pop( *0x10478);
				}
				if(_t387 >= 0) {
					 *_t265 =  *_t265 + _t265;
					asm("lodsd");
					asm("adc [esp+eax+0x1], edi");
				}
				if(_t387 >= 0) {
					 *_t265 =  *_t265 + _t265;
					_push(_t342);
					 *((intOrPtr*)(_t265 - 0x12fffefc)) =  *((intOrPtr*)(_t265 - 0x12fffefc)) + _t265;
				}
				 *((char*)(_t314 + _t265)) =  *((char*)(_t314 + _t265));
				asm("in eax, dx");
				asm("sbb esi, [eax+0x4]");
				 *_t265 =  *_t265 + _t265;
				asm("stosd");
				 *((intOrPtr*)(_t353 + _t265 + 0x1940001)) =  *((intOrPtr*)(_t353 + _t265 + 0x1940001)) + _t265;
				asm("pushad");
				_t266 = _t265 + 1;
				 *_t266 =  *_t266 + _t296;
				 *((intOrPtr*)(_t353 + _t266 + 1)) =  *((intOrPtr*)(_t353 + _t266 + 1)) + _t266;
				 *((intOrPtr*)(_t345 + 0x1046801)) =  *((intOrPtr*)(_t345 + 0x1046801)) + _t342;
				 *_t344 =  *_t344 + _t342;
				 *((intOrPtr*)(_t353 + _t266 + 1)) =  *((intOrPtr*)(_t353 + _t266 + 1)) + _t314;
				asm("sbb esi, [eax+0x4]");
				 *_t266 =  *_t266 + _t266;
				_t267 = _t353;
				_t354 = _t266;
				 *((intOrPtr*)(_t267 + 4)) =  *((intOrPtr*)(_t267 + 4)) + _t354;
				 *_t267 =  *_t267 + _t267;
				asm("stosd");
				_t209 = _t354 + _t267 + 0x1bed0001;
				 *_t209 =  *((intOrPtr*)(_t354 + _t267 + 0x1bed0001)) + _t267;
				_t389 =  *_t209;
				if(_t389 >= 0) {
					 *_t267 =  *_t267 + _t267;
					_t354 = _t351;
					_pop(_t351);
					asm("adc [esp+eax+0x1], edi");
				}
				if(_t389 < 0) {
					L32:
					if(_t390 >= 0) {
						 *_t267 =  *_t267 + _t267;
						asm("cmc");
						_t213 = _t354 + _t267 + 1;
						 *_t213 =  *(_t354 + _t267 + 1) | _t342;
						_t391 =  *_t213;
					}
					if(_t391 != 0) {
						 *_t267 =  *_t267 + _t267;
						asm("adc eax, 0x10459");
					}
					_pop(_t316);
					_t267 = _t267 + 1 + _t342;
					 *(_t316 + 4) =  *(_t316 + 4) | _t296;
					 *_t267 =  *_t267 + _t267;
				} else {
					 *_t267 =  *_t267 + _t267;
					_t390 =  *_t267;
					if(_t390 == 0) {
						goto L32;
					}
				}
				_t269 = _t267 - 0x1045908;
				 *((intOrPtr*)(_t342 + 0x10459)) =  *((intOrPtr*)(_t342 + 0x10459)) + _t269;
				_t270 = _t269 + 1;
				 *((intOrPtr*)(_t345 + 0x104591b)) =  *((intOrPtr*)(_t345 + 0x104591b)) + _t270;
				 *_t345 =  *_t345 + _t296;
				_pop(ds);
				_pop(_t318);
				 *((intOrPtr*)(_t345 + 0x1045909)) =  *((intOrPtr*)(_t345 + 0x1045909)) + 0x10;
				_t272 = _t270 + 0x11;
				 *(_t318 + 4) =  *(_t318 + 4) | _t296;
				 *_t272 =  *_t272 + _t272;
				asm("sbb dword [edx], 0x53");
				_t273 = _t272 + 1;
				 *_t273 =  *_t273 + _t273;
				_pop(ds);
				_push(_t296);
				_t275 = _t273 + 0x11;
				 *(_t318 + 4) =  *(_t318 + 4) | _t296;
				 *_t275 = _t275 +  *_t275;
				 *_t275 =  *_t275 | _t354;
				_push(_t296);
				 *((intOrPtr*)(_t351 + 0x104531f)) =  *((intOrPtr*)(_t351 + 0x104531f)) + _t318;
				 *_t344 =  *_t344 + 0x10;
				_push(cs);
				_t277 =  &(_t275[0]);
				 *((intOrPtr*)(0x10 + _t277)) =  *((intOrPtr*)(0x10 + _t277)) + _t277;
				_t278 = _t277 + 1;
				asm("sbb esi, [eax+0x4]");
				 *_t278 =  *_t278 + _t278;
				return _t278;
			}

0x00d5a448
0x00d5a448
0x00d5a448
0x00d5a448
0x00d5a448
0x00d5a448
0x00d5a449
0x00d5a44b
0x00d5a44d
0x00d5a450
0x00d5a452
0x00d5a453
0x00d5a455
0x00d5a457
0x00d5a45b
0x00d5a45c
0x00d5a45e
0x00d5a460
0x00d5a462
0x00d5a464
0x00d5a466
0x00d5a468
0x00d5a46a
0x00d5a46c
0x00d5a46f
0x00d5a471
0x00d5a475
0x00d5a476
0x00d5a478
0x00d5a47a
0x00d5a480
0x00d5a480
0x00d5a483
0x00d5a485
0x00d5a485
0x00d5a486
0x00d5a488
0x00d5a48a
0x00d5a48e
0x00d5a490
0x00d5a493
0x00d5a496
0x00d5a499
0x00d5a49b
0x00d5a49c
0x00d5a49e
0x00d5a4a0
0x00d5a4a2
0x00d5a4a4
0x00d5a4a6
0x00d5a4a8
0x00d5a4de
0x00d5a4de
0x00d5a4e0
0x00d5a4e3
0x00d5a4e9
0x00d5a4eb
0x00d5a4ed
0x00d5a4ee
0x00d5a4ef
0x00d5a4f0
0x00d5a4f1
0x00d5a4f3
0x00d5a4f5
0x00d5a4f5
0x00d5a4f8
0x00d5a4fa
0x00d5a4fc
0x00d5a4ff
0x00d5a500
0x00d5a500
0x00d5a501
0x00d5a503
0x00d5a505
0x00d5a507
0x00d5a509
0x00d5a50b
0x00d5a50e
0x00d5a513
0x00d5a515
0x00d5a516
0x00d5a518
0x00d5a51a
0x00d5a51c
0x00d5a51e
0x00d5a520
0x00d5a523
0x00d5a525
0x00d5a527
0x00d5a529
0x00d5a52d
0x00d5a52f
0x00d5a531
0x00d5a533
0x00d5a535
0x00d5a537
0x00d5a539
0x00d5a4aa
0x00d5a4aa
0x00d5a4af
0x00d5a4b3
0x00d5a4b5
0x00d5a4bb
0x00d5a4c2
0x00d5a4c4
0x00d5a4ca
0x00d5a4cc
0x00d5a4cf
0x00d5a4d1
0x00d5a4d2
0x00d5a4d5
0x00d5a4d7
0x00000000
0x00d5a4d7
0x00d5a4cf
0x00d5a53a
0x00d5a53c
0x00d5a53e
0x00d5a540
0x00d5a542
0x00d5a544
0x00d5a546
0x00d5a54d
0x00d5a54f
0x00d5a551
0x00d5a553
0x00d5a559
0x00d5a55b
0x00d5a55d
0x00d5a560
0x00d5a562
0x00d5a564
0x00d5a566
0x00d5a567
0x00d5a56d
0x00d5a56f
0x00d5a571
0x00d5a572
0x00d5a573
0x00d5a579
0x00d5a5a5
0x00d5a5ab
0x00d5a5ad
0x00d5a5ae
0x00d5a5af
0x00d5a5b3
0x00d5a5b4
0x00d5a5b5
0x00d5a5b7
0x00d5a5bd
0x00d5a5c3
0x00d5a5c5
0x00d5a5c7
0x00d5a5c9
0x00d5a5cb
0x00d5a5cd
0x00d5a5d0
0x00d5a5d3
0x00d5a5d3
0x00d5a5d6
0x00d5a5d8
0x00d5a5da
0x00d5a5e0
0x00d5a5e2
0x00d5a5e5
0x00d5a5e5
0x00d5a5e8
0x00d5a5eb
0x00d5a5ee
0x00d5a5f1
0x00d5a5f4
0x00d5a5f9
0x00d5a5fb
0x00d5a606
0x00d5a608
0x00d5a60a
0x00d5a60f
0x00d5a615
0x00d5a617
0x00d5a617
0x00d5a618
0x00d5a61a
0x00d5a61b
0x00d5a621
0x00d5a623
0x00d5a629
0x00d5a62b
0x00d5a62d
0x00d5a62f
0x00d5a635
0x00d5a636
0x00d5a639
0x00d5a63f
0x00d5a642
0x00d5a645
0x00d5a647
0x00d5a649
0x00d5a64b
0x00d5a64d
0x00d5a64f
0x00d5a651
0x00d5a65a
0x00d5a65d
0x00d5a660
0x00d5a663
0x00d5a665
0x00d5a66b
0x00d5a66c
0x00d5a66f
0x00d5a672
0x00d5a674
0x00d5a675
0x00d5a67b
0x00d5a67e
0x00d5a67f
0x00d5a680
0x00d5a681
0x00d5a687
0x00d5a68d
0x00d5a693
0x00d5a695
0x00d5a699
0x00d5a69c
0x00d5a69f
0x00d5a6a1
0x00d5a6a3
0x00d5a6a5
0x00d5a6a7
0x00d5a6a9
0x00d5a6ab
0x00d5a6ad
0x00d5a6ae
0x00d5a6b1
0x00d5a6b3
0x00d5a6b8
0x00d5a6bf
0x00d5a6c1
0x00d5a6c3
0x00d5a6ca
0x00d5a6d1
0x00d5a6d2
0x00d5a6d7
0x00d5a6d8
0x00d5a6da
0x00d5a6db
0x00d5a6e1
0x00d5a6e7
0x00d5a6e7
0x00d5a6ea
0x00d5a6f0
0x00d5a6f5
0x00d5a6f6
0x00d5a6f8
0x00d5a6fa
0x00d5a6fb
0x00d5a6fd
0x00d5a6ff
0x00d5a705
0x00d5a707
0x00d5a707
0x00d5a708
0x00d5a70b
0x00d5a711
0x00d5a715
0x00d5a719
0x00d5a71f
0x00d5a725
0x00d5a72a
0x00d5a738
0x00d5a73d
0x00d5a743
0x00d5a748
0x00d5a749
0x00d5a74b
0x00d5a74d
0x00d5a74f
0x00d5a754
0x00d5a757
0x00d5a759
0x00d5a75c
0x00d5a75f
0x00d5a765
0x00d5a76c
0x00d5a76d
0x00d5a76e
0x00d5a773
0x00d5a775
0x00d5a777
0x00d5a779
0x00d5a77b
0x00d5a77d
0x00d5a780
0x00d5a783
0x00d5a78a
0x00d5a78c
0x00d5a78e
0x00d5a790
0x00d5a792
0x00d5a794
0x00d5a796
0x00d5a799
0x00d5a79b
0x00d5a79e
0x00d5a7a1
0x00d5a7a4
0x00d5a7a9
0x00d5a7ab
0x00d5a7b1
0x00d5a7b3
0x00d5a7ba
0x00d5a7c2
0x00d5a7c8
0x00d5a7c9
0x00d5a7ce
0x00d5a7d1
0x00d5a7d3
0x00d5a7d5
0x00d5a7d7
0x00d5a7d9
0x00d5a7db
0x00d5a7dd
0x00d5a7df
0x00d5a7e1
0x00d5a7e3
0x00d5a7e9
0x00d5a7eb
0x00d5a7ed
0x00d5a7ef
0x00d5a7f5
0x00d5a7f7
0x00d5a7f9
0x00d5a7fb
0x00d5a7fd
0x00d5a7ff
0x00d5a802
0x00d5a803
0x00d5a805
0x00d5a807
0x00d5a809
0x00d5a80b
0x00d5a80d
0x00d5a813
0x00d5a815
0x00d5a817
0x00d5a819
0x00d5a820
0x00d5a825
0x00d5a827
0x00d5a82f
0x00d5a831
0x00d5a833
0x00d5a835
0x00d5a83d
0x00d5a83f
0x00d5a841
0x00d5a843
0x00d5a845
0x00d5a84b
0x00d5a84d
0x00d5a853
0x00d5a859
0x00d5a85b
0x00d5a85d
0x00d5a85f
0x00d5a867
0x00d5a869
0x00d5a86b
0x00d5a86d
0x00d5a873
0x00d5a875
0x00d5a878
0x00d5a87a
0x00d5a87c
0x00d5a884
0x00d5a885
0x00d5a887
0x00d5a889
0x00d5a88f
0x00d5a891
0x00d5a895
0x00d5a897
0x00d5a89d
0x00d5a89f
0x00d5a8a3
0x00d5a8a5
0x00d5a8a7
0x00d5a8ad
0x00d5a8b0
0x00d5a8b2
0x00d5a8ba
0x00d5a8bb
0x00d5a8bf
0x00d5a8c1
0x00d5a8c3
0x00d5a8c9
0x00d5a8cf
0x00d5a8d7
0x00d5a8dd
0x00d5a8e3
0x00d5a8e9
0x00d5a8eb
0x00d5a8ed
0x00d5a8f3
0x00d5a8f9
0x00d5a8fb
0x00d5a901
0x00d5a903
0x00d5a905
0x00d5a907
0x00d5a90d
0x00d5a913
0x00d5a915
0x00d5a91d
0x00d5a91f
0x00d5a921
0x00d5a923
0x00d5a925
0x00d5a926
0x00d5a927
0x00d5a92a
0x00d5a92e
0x00d5a930
0x00d5a932
0x00d5a934
0x00d5a935
0x00d5a937
0x00d5a93b
0x00d5a93d
0x00d5a93f
0x00d5a944
0x00d5a949
0x00d5a94c
0x00d5a94d
0x00d5a94f
0x00d5a952
0x00d5a955
0x00d5a95c
0x00d5a95e
0x00d5a961
0x00d5a963
0x00d5a969
0x00d5a96d
0x00d5a973
0x00d5a975
0x00d5a976
0x00d5a979
0x00d5a97b
0x00d5a97e
0x00d5a980
0x00d5a982
0x00d5a983
0x00d5a985
0x00d5a987
0x00d5a98a
0x00d5a98c
0x00d5a98d
0x00d5a991
0x00d5a991
0x00d5a994
0x00d5a996
0x00d5a998
0x00d5a998
0x00d5a998
0x00d5a99a
0x00d5a99c
0x00d5a99e
0x00d5a99f
0x00d5a99f
0x00d5a99f
0x00d5a99f
0x00d5a9a0
0x00d5a9a2
0x00d5a9a2
0x00d5a9a4
0x00d5a9a4
0x00d5a9a6
0x00d5a9a8
0x00d5a9aa
0x00d5a9ab
0x00d5a9ab
0x00d5a9ac
0x00d5a9ae
0x00d5a9b0
0x00d5a9b1
0x00d5a9b1
0x00d5a9b2
0x00d5a9b6
0x00d5a9b7
0x00d5a9ba
0x00d5a9bc
0x00d5a9bd
0x00d5a9c4
0x00d5a9c5
0x00d5a9c7
0x00d5a9c9
0x00d5a9cd
0x00d5a9d3
0x00d5a9d5
0x00d5a9db
0x00d5a9de
0x00d5a9e0
0x00d5a9e0
0x00d5a9e1
0x00d5a9e4
0x00d5a9e6
0x00d5a9e7
0x00d5a9e7
0x00d5a9e7
0x00d5a9ee
0x00d5a9f0
0x00d5a9f2
0x00d5a9f2
0x00d5a9f3
0x00d5a9f3
0x00d5a9f4
0x00d5a9fa
0x00d5a9fa
0x00d5a9fc
0x00d5a9fe
0x00d5a9ff
0x00d5a9ff
0x00d5a9ff
0x00d5a9ff
0x00d5aa00
0x00d5aa02
0x00d5aa04
0x00d5aa04
0x00d5aa06
0x00d5aa09
0x00d5aa0b
0x00d5aa0e
0x00d5a9f6
0x00d5a9f6
0x00d5a9f6
0x00d5a9f8
0x00000000
0x00000000
0x00d5a9f8
0x00d5aa10
0x00d5aa15
0x00d5aa1f
0x00d5aa21
0x00d5aa27
0x00d5aa29
0x00d5aa2a
0x00d5aa2d
0x00d5aa33
0x00d5aa35
0x00d5aa38
0x00d5aa3a
0x00d5aa3d
0x00d5aa3f
0x00d5aa41
0x00d5aa42
0x00d5aa45
0x00d5aa47
0x00d5aa4a
0x00d5aa4c
0x00d5aa4e
0x00d5aa51
0x00d5aa57
0x00d5aa59
0x00d5aa5b
0x00d5aa5d
0x00d5aa61
0x00d5aa65
0x00d5aa68
0x00d5aa6a

Memory Dump Source

Source File: 00000000.00000002.336955871.0000000000D52000.00000002.00020000.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000000.00000002.336933079.0000000000D50000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 194ab2bccac45c2466fa1b834d262a1c2eec38e93c702c93044e71690a84f5c0
Instruction ID: 2d35d2144008edb077c217384cfc766f1e29bff8410b80c9d8dcdb36b95ce183
Opcode Fuzzy Hash: 194ab2bccac45c2466fa1b834d262a1c2eec38e93c702c93044e71690a84f5c0
Instruction Fuzzy Hash: C33255A684E3D15FC7038B749CB5481BFB1AE1322471E49DFC8C18F4A3E259995ACB63

Uniqueness

Uniqueness Score: -1.00%

Function 016AE5B0, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb56bd986dca2f9677e0dff5a8cc131c46d480ea9fdb1f702d17e8e06a1497d
Instruction ID: aecbe713580f236eb286965b8f3255c28f6ea368ffef1cf128c1844fead93c6b
Opcode Fuzzy Hash: 0cb56bd986dca2f9677e0dff5a8cc131c46d480ea9fdb1f702d17e8e06a1497d
Instruction Fuzzy Hash: 0012C4F16117469FDB34CF6AF9981893BA1B755328F904308D2612BAD9D7B8334ACF84

Uniqueness

Uniqueness Score: -1.00%

Function 016AC164, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.338090333.00000000016A0000.00000040.00000001.sdmp, Offset: 016A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660cf51b3f9450b20a901ad7b0d897fcd03a986a8cb1d534d6ea7ed6baf06c6b
Instruction ID: 67e28a15b7597fd63e7b6d1f1f0ead5c9b21d27e1a0d464f3d6b55402045cc8e
Opcode Fuzzy Hash: 660cf51b3f9450b20a901ad7b0d897fcd03a986a8cb1d534d6ea7ed6baf06c6b
Instruction Fuzzy Hash: A4A14D32E0061A8FCF15DFE9C8449DEBBB2FF99300B55856AE905AB261DB31AD45CF40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6644 Parent PID: 6476 #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exeCOMMON

Executed Functions

Function 00419E0B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55

Strings

BMA, xrefs: 00419E32, 00419E40
BMA, xrefs: 00419E4D, 00419E54

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID: BMA$BMA
API String ID: 2738559852-2163208940
Opcode ID: 1957faf283b7ee774171152ef97b01bc40514265525b585656e7cf491c17f1a6
Instruction ID: 689883de6578cbe391bae5492427174bf8ebd4b6e9f5a67a35c169dca52ee0f1
Opcode Fuzzy Hash: 1957faf283b7ee774171152ef97b01bc40514265525b585656e7cf491c17f1a6
Instruction Fuzzy Hash: 29F0F9B2200108AFCB14DF99CC80EEB7BA9FF8C754F158248FA0DA7251C630E951CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55

Strings

BMA, xrefs: 00419E32, 00419E40
BMA, xrefs: 00419E4D, 00419E54

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID: BMA$BMA
API String ID: 2738559852-2163208940
Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00419DB2, Relevance: 1.5, APIs: 1, Instructions: 47filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dc57c62af5a252e64749609f0c59021bf890688b24e77c6a729b75ae4022b2fb
Instruction ID: 7c9c9659d240f20d81ae5bda02a267e9f782f8a8bbf0bb480fcd2cae13e3758f
Opcode Fuzzy Hash: dc57c62af5a252e64749609f0c59021bf890688b24e77c6a729b75ae4022b2fb
Instruction Fuzzy Hash: C501D2B2210208ABCB58DF99DC95EEB37EDAF8C714F158249FA0C97240D630EC558BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0

Uniqueness

Uniqueness Score: -1.00%

Function 017D9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017D986A

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 82edc238f46b1cd569630e59b71b111cacfa08bb33e5e07268c559494b9b9f92
Instruction ID: 5405bc6e14326400df894244b4aa6233809b9923e23a1a77219e16042b939261
Opcode Fuzzy Hash: 82edc238f46b1cd569630e59b71b111cacfa08bb33e5e07268c559494b9b9f92
Instruction Fuzzy Hash: D290027120500417D121619985087174089A7D82C1F91C422A4418559DD6968962B161

Uniqueness

Uniqueness Score: -1.00%

Function 017D9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017D966A

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4d7a0e7994421b0017c347b3768cefb94d93a994378d722a8540cff2a998de8d
Instruction ID: 3ea3ae69b7614fcc1549b992a9a1935254b840bb207e27391bba92f218bfb7e0
Opcode Fuzzy Hash: 4d7a0e7994421b0017c347b3768cefb94d93a994378d722a8540cff2a998de8d
Instruction Fuzzy Hash: CD90027120500806D1907199840865A4085A7D9381F91C025A4019655DCA558A6977E1

Uniqueness

Uniqueness Score: -1.00%

Function 017D96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017D96EA

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 641c1a4b282e463753d60c78dc30ca2cca62708b7e39183fae3621b9d3234418
Instruction ID: 40dc9fb80c0b05600722e5a65b12873f8a2a876b5d3d53d463d704c1ac9481c2
Opcode Fuzzy Hash: 641c1a4b282e463753d60c78dc30ca2cca62708b7e39183fae3621b9d3234418
Instruction Fuzzy Hash: 6B90027120508806D1206199C40875A4085A7D8381F55C421A8418659DC6D588A17161

Uniqueness

Uniqueness Score: -1.00%

Function 00409A90, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efcf0ab6665c7b0157fd04bcb744907f430064515781423b38bce05023b8fb6d
Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
Opcode Fuzzy Hash: efcf0ab6665c7b0157fd04bcb744907f430064515781423b38bce05023b8fb6d
Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0

Uniqueness

Uniqueness Score: -1.00%

Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D

Memory Dump Source

Source File: 00000005.00000002.337974724.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0

Uniqueness

Uniqueness Score: -1.00%

Function 017D967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017D9694

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 08a92c74444f480e88e2991265c07959e975a1cedc093545e3f3e6b1c9520c9b
Instruction ID: 11d2cc884645dd01cc80a80b638b2ca46eacc9df36a075b68fd57c58e0b2f065
Opcode Fuzzy Hash: 08a92c74444f480e88e2991265c07959e975a1cedc093545e3f3e6b1c9520c9b
Instruction Fuzzy Hash: 6AB09B719054C5C9D611D7B4460C727F95077D4745F16C061D2024645B4778C491F6B5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0184B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON

Download Yara Rule

Strings

The resource is owned exclusively by thread %p, xrefs: 0184B374
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0184B314
This failed because of error %Ix., xrefs: 0184B446
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0184B47D
*** enter .exr %p for the exception record, xrefs: 0184B4F1
*** A stack buffer overrun occurred in %ws:%s, xrefs: 0184B2F3
The instruction at %p tried to %s , xrefs: 0184B4B6
write to, xrefs: 0184B4A6
*** then kb to get the faulting stack, xrefs: 0184B51C
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0184B38F
*** Inpage error in %ws:%s, xrefs: 0184B418
read from, xrefs: 0184B4AD, 0184B4B2
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0184B3D6
The instruction at %p referenced memory at %p., xrefs: 0184B432
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0184B305
*** enter .cxr %p for the context, xrefs: 0184B50D
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 0184B39B
*** An Access Violation occurred in %ws:%s, xrefs: 0184B48F
Go determine why that thread has not released the critical section., xrefs: 0184B3C5
a NULL pointer, xrefs: 0184B4E0
The critical section is owned by thread %p., xrefs: 0184B3B9
an invalid address, %p, xrefs: 0184B4CF
The resource is owned shared by %d threads, xrefs: 0184B37E
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0184B323
*** Resource timeout (%p) in %ws:%s, xrefs: 0184B352
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0184B2DC
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0184B484
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0184B53F
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0184B476
<unknown>, xrefs: 0184B27E, 0184B2D1, 0184B350, 0184B399, 0184B417, 0184B48E

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: b5d7e75e3f85d5934c6a1747b03e581194f97bc848d79471bc1d54b9d30321c9
Instruction ID: 69e822db8703b65be007bea4ba49f43672c8b3cde414f652dfa8cd8387f2fe44
Opcode Fuzzy Hash: b5d7e75e3f85d5934c6a1747b03e581194f97bc848d79471bc1d54b9d30321c9
Instruction Fuzzy Hash: 608175B0AC0224FFDB226A4ACC99EBB7F65AF56B54F000049F504EB152DB64C681C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 017CC9BF, Relevance: 14.2, Strings: 11, Instructions: 412COMMON

Download Yara Rule

Strings

SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 0180AC2C
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 0180A8EC
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 0180AA11
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 0180AA1A
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 0180ABF3
RtlpResolveAssemblyStorageMapEntry, xrefs: 0180AC27
@, xrefs: 0180ABA3
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 0180AAC8
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 0180AAA0
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 0180AC0A
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 0180AB0E

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 3a91fa2bf7ff75a9135e8da69f2acb8da568913fdf2dde4a080a4366ba29baab
Instruction ID: 56f29024a05ebd830c6bbc22f26170da57a754390f7803c2f401d0b2090cf4dd
Opcode Fuzzy Hash: 3a91fa2bf7ff75a9135e8da69f2acb8da568913fdf2dde4a080a4366ba29baab
Instruction Fuzzy Hash: C1027BB1D402299BDB72DB18CD80BAAF7B8AB54704F4541DEE60DA7281DB309F84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 01854AEF, Relevance: 11.8, Strings: 9, Instructions: 529COMMON

Download Yara Rule

Strings

Heap block at %p has incorrect segment offset (%x), xrefs: 0185503B
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 01854F81
Free Heap block %p modified at %p after it was freed, xrefs: 01854F2F
Heap block at %p is not last block in segment (%p), xrefs: 01854FD6
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 01855119
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 018550C6
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 0185508C
HEAP[%wZ]: , xrefs: 01854EE1, 01854F0D, 01854F5D, 01854FBA, 0185501D, 01855061, 018550FA
HEAP: , xrefs: 01854F1A, 01854F6A, 01854FC7, 0185502A, 0185506E, 018550B6, 01855107

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: f6ded4ff57d226b2cc67c913cb9d62427a2d4934225e6f1f346d2d34b3c57547
Instruction ID: 74a19d9ef69c9611d8cae6c807cf859362c905e64abeea6da9cfcc8886c9db07
Opcode Fuzzy Hash: f6ded4ff57d226b2cc67c913cb9d62427a2d4934225e6f1f346d2d34b3c57547
Instruction Fuzzy Hash: 0712FA702006469FEB65DF6DC498BBAFBF1EF48714F148459E886CB241E774EA80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01854496, Relevance: 10.4, Strings: 8, Instructions: 417COMMON

Download Yara Rule

Strings

Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 018547E2
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 01854992
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 0185486F
dedicated (%04Ix) free list element %p is marked busy, xrefs: 018546CF
HEAP[%wZ]: , xrefs: 01854652, 018546B3, 018547C6, 01854851, 01854917, 0185496B
Non-Dedicated free list element %p is out of order, xrefs: 0185466B
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 0185493D
HEAP: , xrefs: 0185465F, 018546C0, 018547D3, 0185485E, 01854924, 01854978

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: bb0a1863f4305e1e9589a12797ea12f930ba72c8b0ead51aaf9151a3d85d4609
Instruction ID: d77bc3d5be7ddb76cf0c6921f8c83f35868fe417ff549e3d75c44692667ee62a
Opcode Fuzzy Hash: bb0a1863f4305e1e9589a12797ea12f930ba72c8b0ead51aaf9151a3d85d4609
Instruction Fuzzy Hash: 7FF1517160064AEFEB61DF6DC484BAAFBF1FF09704F048029E946D7241E770AA85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 017C78A0, Relevance: 8.5, Strings: 6, Instructions: 989COMMON

Download Yara Rule

Strings

{, xrefs: 01808CEE
MUI, xrefs: 017C7BCA
LdrpResSearchResourceInsideDirectory Enter, xrefs: 017C794C
T, xrefs: 017C7942
R, xrefs: 017C7956
LdrpResSearchResourceInsideDirectory Exit, xrefs: 017C7960

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
API String ID: 0-2515562510
Opcode ID: 5b9f0fa78655f6526af0b950ad98ffaa88dae675a2b901488996e2be8ece1e54
Instruction ID: e627e8a24c4a81e6da564f1ca61addc891c5e1cc2676bb70bc8fab34e0a4676c
Opcode Fuzzy Hash: 5b9f0fa78655f6526af0b950ad98ffaa88dae675a2b901488996e2be8ece1e54
Instruction Fuzzy Hash: 73925870E04229CFDB65CF98C880BADFBB5BF45714F14829DD949AB281EB349A81CF41

Uniqueness

Uniqueness Score: -1.00%

Function 017BA309, Relevance: 8.2, Strings: 6, Instructions: 687COMMON

Download Yara Rule

Strings

((LONG)FreeEntry->Size > 1), xrefs: 01801F89
(!TrailingUCR), xrefs: 01802274
(UCRBlock != NULL), xrefs: 01801EA0
HEAP[%wZ]: , xrefs: 01801E88, 01801F71, 01802124, 0180225C
HEAP: , xrefs: 01801E95, 01801F7E, 01802131, 01802269
(LONG)FreeEntry->Size > 1, xrefs: 0180213C

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 56177c0099a4d66ea53fc0278a27b54229570f746a8fda7e592854105d141bf1
Instruction ID: db2e413c1579d73c8d1dcb549da1f57698176f704f593c89a5dfb16f304f4633
Opcode Fuzzy Hash: 56177c0099a4d66ea53fc0278a27b54229570f746a8fda7e592854105d141bf1
Instruction Fuzzy Hash: 2142ED706087419FD716EF28C888B6AFBE2BF84704F04496DE486CB292D774DA85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 01852D82, Relevance: 7.7, Strings: 6, Instructions: 228COMMON

Download Yara Rule

Strings

Invalid allocation size - %Ix (exceeded %Ix), xrefs: 0185305E
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 01853015
Just allocated block at %p for %Ix bytes, xrefs: 01852F5F
HEAP[%wZ]: , xrefs: 01852F3E, 01852FEB, 01853042
RtlAllocateHeap, xrefs: 01852DCA
HEAP: , xrefs: 01852F4B, 01852FF8, 0185304F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: 86be39bdf207331849baaa0d64bb8279ea9c4a8b83ee9b653659d26a1b6e7f81
Instruction ID: 62feab082e01ef716ed23f32b00b0fa462eb6ec0e1eceb3918b340baffab0f26
Opcode Fuzzy Hash: 86be39bdf207331849baaa0d64bb8279ea9c4a8b83ee9b653659d26a1b6e7f81
Instruction Fuzzy Hash: 3D910E31600645DFDB62DFACD494AADFBF2FF49714F18805DE946AB252CB329A41CB00

Uniqueness

Uniqueness Score: -1.00%

Function 017B2430, Relevance: 6.7, Strings: 5, Instructions: 461COMMON

Download Yara Rule

Strings

, xrefs: 017B24C0
minkernel\ntdll\sxsisol.cpp, xrefs: 017FD3D6
Internal error check failed, xrefs: 017FD3DB
Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 017FD3CC
, xrefs: 017B24E4

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: 7c5b43e26cb2353f83832089f4acc19ff86119603938f6cb75ba7152508ef5a3
Instruction ID: 87812bf3a8b4fea2d3328fab87486fb00253959671c26fbcc8f9c3ca03ea7cff
Opcode Fuzzy Hash: 7c5b43e26cb2353f83832089f4acc19ff86119603938f6cb75ba7152508ef5a3
Instruction Fuzzy Hash: B4029C7150A3418BD731DF68C084BABFBE0BF89714F14491EEA9997362E770E844CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017A3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON

Download Yara Rule

Strings

Kernel-MUI-Language-Disallowed, xrefs: 017A3E97
Kernel-MUI-Language-Allowed, xrefs: 017A3DC0
Kernel-MUI-Language-SKU, xrefs: 017A3F70
Kernel-MUI-Number-Allowed, xrefs: 017A3D8C
WindowsExcludedProcs, xrefs: 017A3D6F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: 64525b3dc3c464b5c40a65609ee771e829a1aba6d9bd6eff2650dbfce2351570
Instruction ID: 4142cf62dc9bfb456473e6dc27b2ecfaf481bbc122cfe3b60e36df6ca2bae8a7
Opcode Fuzzy Hash: 64525b3dc3c464b5c40a65609ee771e829a1aba6d9bd6eff2650dbfce2351570
Instruction Fuzzy Hash: 11F16C72D04619EFCB11DF98C984AEFFBB9FF48650F55016AE606A7250E7719E00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 018264B5, Relevance: 6.4, Strings: 5, Instructions: 116COMMON

Download Yara Rule

Strings

Item:, xrefs: 01826505
SR - , xrefs: 0182652D
Type:, xrefs: 018264CE
Name:, xrefs: 018264E7
Language:, xrefs: 018264F6

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: Item:$ Language:$ Name:$SR - $Type:
API String ID: 0-3082644519
Opcode ID: ec7a30ac82ed3ede1c7620e75bdcdb9e70c6e7fdb92027dbc8f03cdfd949a0c5
Instruction ID: 9ab6f0adc6f8396ba442c8b78862de59a00343860ec662fe0f51aee3e471e4fd
Opcode Fuzzy Hash: ec7a30ac82ed3ede1c7620e75bdcdb9e70c6e7fdb92027dbc8f03cdfd949a0c5
Instruction Fuzzy Hash: EB41A171A002296FDB21DB68CC5CB9ABBBCAF45314F5401E5E949E7254EE309F84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 017940E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON

Download Yara Rule

Strings

Invalid heap signature for heap at %p, xrefs: 017F0458
HEAP[%wZ]: , xrefs: 017F043F
, passed to %s, xrefs: 017F0469
RtlAllocateHeap, xrefs: 017F0468
HEAP: , xrefs: 017F044C

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
API String ID: 0-188067316
Opcode ID: 15ca50a002cca4d894b460610efd61fb4f1000ceb5830b18a39cbc15a1c2dc82
Instruction ID: 0b49410d258e48a7a76faa49f06e69fe340854b31fab02db61ac24c2e76123c3
Opcode Fuzzy Hash: 15ca50a002cca4d894b460610efd61fb4f1000ceb5830b18a39cbc15a1c2dc82
Instruction Fuzzy Hash: 26019C721406419EEB25976DF45DFB7F7A4DB03F30F29406EF1040B756CAE49444C620

Uniqueness

Uniqueness Score: -1.00%

Function 017C701D, Relevance: 5.6, Strings: 4, Instructions: 569COMMON

Download Yara Rule

Strings

LdrpResSearchResourceMappedFile Enter, xrefs: 017C70B9
MUI, xrefs: 017C75E1
#, xrefs: 018086BA
LdrpResSearchResourceMappedFile Exit, xrefs: 017C70D4

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-3266796247
Opcode ID: bceaab8c8bb8546eb5bf08e8cd0f9834d0b2f19cc7574461e675c31fa5418af5
Instruction ID: 428c8aca7591b0ee1c4e7ff48301d301d0cf4dcf5a698fe217c1328a03d24b79
Opcode Fuzzy Hash: bceaab8c8bb8546eb5bf08e8cd0f9834d0b2f19cc7574461e675c31fa5418af5
Instruction Fuzzy Hash: 2A327E31A042A98BDF6ACB18CC88BE9BBB5AB45740F1441EDE949A7251DB309FC1CF54

Uniqueness

Uniqueness Score: -1.00%

Function 017BA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 018022D7, 018023E7
((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018022F3
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01802403
HEAP: , xrefs: 018022E6, 018023F6

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: aa44a6a03f53a60e58959754caa5e866f94c9e033edc1acfc16f345bdda6d3a5
Instruction ID: 3f4bd9f449945a4e7aa43dfd15154b5b72dab320facb73c19bb765f191a38f60
Opcode Fuzzy Hash: aa44a6a03f53a60e58959754caa5e866f94c9e033edc1acfc16f345bdda6d3a5
Instruction Fuzzy Hash: 46D1CF746002059FDB29EF68C4D4BAAF7F2FF48300F158569D95ADB746E330AA45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 017BA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 01801DF9
`, xrefs: 01801C8D
HEAP[%wZ]: , xrefs: 01801DD7
HEAP: , xrefs: 01801DE4

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 2994545307-2586055223
Opcode ID: 4ed2969652cc23db8831c2093c36c276a246fa4a0626cb4f8a4e8b85f34060d3
Instruction ID: fc3a8d2d588a265ebe439fa0fa4100075abb5b25bf5319103bbc40070117a01f
Opcode Fuzzy Hash: 4ed2969652cc23db8831c2093c36c276a246fa4a0626cb4f8a4e8b85f34060d3
Instruction Fuzzy Hash: 305108322056859FE722EB68CC88FA7B7E8FB80B60F050464F955C72D1D774D940C761

Uniqueness

Uniqueness Score: -1.00%

Function 018549A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON

Download Yara Rule

Strings

Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 01854A61
HEAP[%wZ]: , xrefs: 01854A3D, 01854AB7
This is located in the %s field of the heap header., xrefs: 01854AD6
HEAP: , xrefs: 01854A4A, 01854A5D, 01854A5F, 01854AC4

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 2994545307-336120773
Opcode ID: 7333b22c5b41c0731287dc8a1f6dc1b5799c5367a4ded47a76ebf0547e475de9
Instruction ID: c7b242ad721108a4e225aac4cf8d2465e46373aa72e43505fdfe60faf29b33e6
Opcode Fuzzy Hash: 7333b22c5b41c0731287dc8a1f6dc1b5799c5367a4ded47a76ebf0547e475de9
Instruction Fuzzy Hash: D7314671200104EFDBA2DB9DD889FABB7E8EF05B24F15405AF905CB255F670EA84CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0179751A, Relevance: 5.1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

Strings

VirtualQuery Failed 0x%p %x, xrefs: 017F284E
VirtualProtect Failed 0x%p %x, xrefs: 017F2811
HEAP[%wZ]: , xrefs: 017F27F7, 017F2834
HEAP: , xrefs: 017F2804, 017F2841

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
API String ID: 0-1391187441
Opcode ID: c38b26ba0080ee854414e8f6f3278a955b9845b9d31dc49e6ba377c3ea80171c
Instruction ID: 3afaee276ad0f4ccb8e4b0256f6d93ba6ba512327f133e7a01c4d481927f7b16
Opcode Fuzzy Hash: c38b26ba0080ee854414e8f6f3278a955b9845b9d31dc49e6ba377c3ea80171c
Instruction Fuzzy Hash: 6E31F472A50148AFDF11DB99D888FABFBB8EB44B30F254069F914A7251D770E944CE60

Uniqueness

Uniqueness Score: -1.00%

Function 01853518, Relevance: 5.1, Strings: 4, Instructions: 55COMMON

Download Yara Rule

Strings

RtlDestroyHeap, xrefs: 01853571
May not destroy the process heap at %p, xrefs: 01853561
HEAP[%wZ]: , xrefs: 01853548
HEAP: , xrefs: 01853555

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
API String ID: 0-4256168463
Opcode ID: b46939d317423309794389e68f4d341934a7a6e82ca847e601bef62e403aa2ee
Instruction ID: 81dd8a895342c2b20d0bbb50639817d8b6830fe80f7108ef06bf93d19c6f7f37
Opcode Fuzzy Hash: b46939d317423309794389e68f4d341934a7a6e82ca847e601bef62e403aa2ee
Instruction Fuzzy Hash: F9014532150604DFCB61EB6D9488FA6F7E8FB41BA4F00846AFC06DB345DA70EB44CA60

Uniqueness

Uniqueness Score: -1.00%

Function 017B99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01801572, 01801639, 018017DE, 01801927
HEAP[%wZ]: , xrefs: 01801550, 01801617, 018017BC, 01801905
HEAP: , xrefs: 0180155D, 01801624, 018017C9, 01801912

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: f7c691c32d0aaa283287ea4deec4e97d0712be6d35872ea24f98cd1b2c7a8de7
Instruction ID: a9f23bacfd9bbd4e0130b0634a79b3a649d345fe54cb8238a3d1685de06a644e
Opcode Fuzzy Hash: f7c691c32d0aaa283287ea4deec4e97d0712be6d35872ea24f98cd1b2c7a8de7
Instruction Fuzzy Hash: 3622147060020A9FEB66CF1CC898BBAFBB5EF44714F248569E555CB385E771DA40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 017BB477, Relevance: 4.2, Strings: 3, Instructions: 405COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 0180298B
HEAP[%wZ]: , xrefs: 01802973
HEAP: , xrefs: 01802980

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: a8756c3a29378f997aeff42e4bdc0d80c253eb636215c4210fdcafdc8430be90
Instruction ID: 5f3f6d205ba78c4f923842c20c8f90f50a535247cda2df9ceb57f1ba789a9f90
Opcode Fuzzy Hash: a8756c3a29378f997aeff42e4bdc0d80c253eb636215c4210fdcafdc8430be90
Instruction Fuzzy Hash: 26E17C70600609DFDB1ACF68C898BAABBB6FF44304F244199E916DB291D774EA81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 017A62A0, Relevance: 4.0, Strings: 3, Instructions: 291COMMON

Download Yara Rule

Strings

MUI, xrefs: 017A62B8, 017A63B7
LdrResGetRCConfig Exit, xrefs: 017A62F4
LdrResGetRCConfig Enter, xrefs: 017A62E2

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
API String ID: 0-1145731471
Opcode ID: 232c75beb96ab01a0a3aba286d3f5cefb172d1ce945a257ea3d68ac6188cb6df
Instruction ID: 7e0da78c7fb2d2f12522259ca416aa19c0a6424a511e83d9fb4f03f33a6d82e4
Opcode Fuzzy Hash: 232c75beb96ab01a0a3aba286d3f5cefb172d1ce945a257ea3d68ac6188cb6df
Instruction Fuzzy Hash: 9FB1BF71A002169BDF25CF69C884BADFB75BF94314F684269FA51EB394E730E850CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01798239, Relevance: 4.0, Strings: 3, Instructions: 233COMMON

Download Yara Rule

Strings

FilterFullPath, xrefs: 017F2F2C
UseFilter, xrefs: 01798263
\??\, xrefs: 017F2E2A

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 866409a861030b31a0b4f014a6d9d93db1f104341ff2a1505a48022bb0f959e6
Instruction ID: e8833c478ef89d34104ba5f5dd521def6c517205c2c558a2682e8d3d96efc1af
Opcode Fuzzy Hash: 866409a861030b31a0b4f014a6d9d93db1f104341ff2a1505a48022bb0f959e6
Instruction Fuzzy Hash: DAA159719116299BDF31DF68CC88BAAF7B8EF44704F1001EAEA09A7250D7359E84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 017CAC7B, Relevance: 4.0, Strings: 3, Instructions: 205COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 0180A0AD
HEAP: , xrefs: 0180A0BA
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0180A0CD

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 0-1340214556
Opcode ID: 11ce1eb1d8d1031df2fc8729b7c8ef65db40286d7f16cb7edee1158068cebd7a
Instruction ID: 9d10e2e9a33335f2b9ac30dcc04a956c7ce27dc69b896423d04cbe5c624aadb0
Opcode Fuzzy Hash: 11ce1eb1d8d1031df2fc8729b7c8ef65db40286d7f16cb7edee1158068cebd7a
Instruction Fuzzy Hash: 4181D231640689EFE726CB6CC894BA9FBF8FB05B15F0445A9E541C7296E774EA80CB10

Uniqueness

Uniqueness Score: -1.00%

Function 018423E3, Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 0184256F
HEAP[%wZ]: , xrefs: 0184254F
HEAP: , xrefs: 0184255C

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: 863c9ce3ec2fa0a45199f28f023d83e19cbcc7d85a5bd3dcc0b91e8683554da0
Instruction ID: 5f9c4d89f22a72887ec492edaf2b9f05929d9de6fa0c28a7f18d70dc472e7814
Opcode Fuzzy Hash: 863c9ce3ec2fa0a45199f28f023d83e19cbcc7d85a5bd3dcc0b91e8683554da0
Instruction Fuzzy Hash: CE5136301082588BE774DE1EE884772BBF3EB44748F154859F8C2CB285DA39DA46DB60

Uniqueness

Uniqueness Score: -1.00%

Function 017BEB9A, Relevance: 3.9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 018042BA
HEAP[%wZ]: , xrefs: 018042A2
HEAP: , xrefs: 018042AF

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
API String ID: 0-1596344177
Opcode ID: e8813295542cfa06d1f861fba765daa4e3e8f0bd2f2715ae0c041706a49ac0db
Instruction ID: 4bfeb22c8ea11daae517f6d1b13d72cb4e0c0a0eb7ef32bc3e6970dc33f96182
Opcode Fuzzy Hash: e8813295542cfa06d1f861fba765daa4e3e8f0bd2f2715ae0c041706a49ac0db
Instruction Fuzzy Hash: C351EE70A00519DFDB14DF58C484BAAFBB2FF85300F1581A9E9059B346DB70A942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017BB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01802C8A
HEAP[%wZ]: , xrefs: 01802C72
HEAP: , xrefs: 01802C7F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 873b1be0bce80aaafbd33405109e55327b132886ed96d14207d422e09376557e
Instruction ID: 370c33d0cc5f4a0deebfe1e1d69af19678224a5c1ef65cec653c5d410f5a7a1e
Opcode Fuzzy Hash: 873b1be0bce80aaafbd33405109e55327b132886ed96d14207d422e09376557e
Instruction Fuzzy Hash: AB11D331344502DFEB29E719D4D8FB6F7A6EF90A20F158469E806CB255DB70D944C741

Uniqueness

Uniqueness Score: -1.00%

Function 017ABA00, Relevance: 3.1, Strings: 2, Instructions: 614COMMON

Download Yara Rule

Strings

$, xrefs: 017ABA68
.mui, xrefs: 017ABC37

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: $$.mui
API String ID: 0-2138749814
Opcode ID: 2ec5f445c5492ea009ccee9382cef1ef3e705c10fcb9a1fbbdded99862d1d6c8
Instruction ID: 301b6b8845c810cdfd89effb6a401f1199949d93fdfcad494778a7204c9808c6
Opcode Fuzzy Hash: 2ec5f445c5492ea009ccee9382cef1ef3e705c10fcb9a1fbbdded99862d1d6c8
Instruction Fuzzy Hash: BE424C729026699FEB61CF58CC40BEAF7B8BB88310F4441E9E50DA7256DB309E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 017A99C7, Relevance: 2.8, Strings: 2, Instructions: 294COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 017A99F2
LdrResFallbackLangList Exit, xrefs: 017A9A04

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-1720564570
Opcode ID: 8a8c523437075ce1eff0ba419a1fdf9ca0cb370d9e1ef98b920c11fca6c4a484
Instruction ID: e00f32c0612abb974cb9ad4efd57a54edcee682c204640e41f9bb5c0cbf05b6a
Opcode Fuzzy Hash: 8a8c523437075ce1eff0ba419a1fdf9ca0cb370d9e1ef98b920c11fca6c4a484
Instruction Fuzzy Hash: CFB19E32208386DBD715CF18C440B6AF7E4BBC4744F848A6EFA899B391E734D954C752

Uniqueness

Uniqueness Score: -1.00%

Function 0185E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON

Download Yara Rule

Strings

`, xrefs: 0185E670
`, xrefs: 0185E5D7

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction ID: bbb3fede0c37e9be9555c4cc83303953e351ecb959400c4331266723b3059901
Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction Fuzzy Hash: 90918E712043469BE764CE29CC45B1BFBE6EF84754F14892DFA95CB280E774EA04CB62

Uniqueness

Uniqueness Score: -1.00%

Function 018151BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON

Download Yara Rule

Strings

Legacy, xrefs: 01815226
UEFI, xrefs: 0181521D

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 18fcd9776c2a5f524f95a5f6b523e3aa2a5c33b3b986e5a5c8a6501a705da9f4
Instruction ID: 249c367b1d482672936d067fa21f971e9d5ac08988c1357810cfe031b7dc6571
Opcode Fuzzy Hash: 18fcd9776c2a5f524f95a5f6b523e3aa2a5c33b3b986e5a5c8a6501a705da9f4
Instruction Fuzzy Hash: F15180B2E006099FDB25DFA8C850BADBBF8FF8A704F14402DE609EB255D7719A41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01794439, Relevance: 2.6, Strings: 2, Instructions: 129COMMON

Download Yara Rule

Strings

0, xrefs: 017944A3
Flst, xrefs: 01794476

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: d20c5a38000018aa0e5fb743f9e8b43d09a783cc4ab89cadb3a15f3dded391ad
Instruction ID: ae97ef0b9716edeb2eb5457a163102ce87ff510712cb5d7a2e3ad8558a178b03
Opcode Fuzzy Hash: d20c5a38000018aa0e5fb743f9e8b43d09a783cc4ab89cadb3a15f3dded391ad
Instruction Fuzzy Hash: 03418CB1A00648CFDF25CF99DA887AEFBF5EF44314F14802ED14A9B656D7319946CB80

Uniqueness

Uniqueness Score: -1.00%

Function 017A61A7, Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 017A61CE
RtlpResUltimateFallbackInfo Exit, xrefs: 017A61DD

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: e3e736457407789cdfd1404abf1547e03920633639d2bca9cbc699def7bf8b84
Instruction ID: 51116474621a6ab17613df2b7230d50931538c1d92764d77a04f4db67a2a7e2c
Opcode Fuzzy Hash: e3e736457407789cdfd1404abf1547e03920633639d2bca9cbc699def7bf8b84
Instruction Fuzzy Hash: 0941CE31A08206DFEB158FA9C844BAAFBB4FF85314F1845A9FA00DB391E7359A40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 017AC1C0, Relevance: 2.1, Strings: 1, Instructions: 876COMMON

Download Yara Rule

Strings

MUI, xrefs: 017AC2EE, 017ACB6D, 017ACE47

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 322fb3d6562c44340ea6cc67a76ced7113c1f4189d1ac9497b80acaa211e9a66
Instruction ID: 585fd87f635d61f4685e5458ed258c0fa6ffd6e0730550b920cc78d87c399d28
Opcode Fuzzy Hash: 322fb3d6562c44340ea6cc67a76ced7113c1f4189d1ac9497b80acaa211e9a66
Instruction Fuzzy Hash: 59728075E00219DFEB26CF68C8407ADFBB1BF88314F5482AAE959AB345D7309985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0183EB8A, Relevance: 1.8, Strings: 1, Instructions: 599COMMON

Download Yara Rule

Strings

@, xrefs: 0183F10A

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c01ae60a8d3ed72b47af12ae9082842773fbe56f0cc8516a732f682fd99261af
Instruction ID: 7dfa1be6797e14d0f212a6807828058c550bbca129da26d67a6d842cd08b2c0b
Opcode Fuzzy Hash: c01ae60a8d3ed72b47af12ae9082842773fbe56f0cc8516a732f682fd99261af
Instruction Fuzzy Hash: 5032C074614655CBEB25CF2DC090376BBE1BF85304F0C849AEA86CB286D335E652CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 017BB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017BB9A5

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: 69120ed94e662b9ff8f44ddddd15395cd53a5b87159c2b8650f9bc135e37925f
Instruction ID: 2cf76eb7e9b84cfa6be9227d99fe95a3c99ce6f16fee6056b5ef0df8122fbce1
Opcode Fuzzy Hash: 69120ed94e662b9ff8f44ddddd15395cd53a5b87159c2b8650f9bc135e37925f
Instruction Fuzzy Hash: AC515471A08301CFC721CF6CC4C4A6AFBE9FB88600F54896EEA8597385D770E944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017C2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

PATH, xrefs: 017C2642, 017C2691

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: 587eb96d17ab2df190b4f3c317b64afb26d3117d21fceb39a1cea62bb7a9315f
Instruction ID: 8ba313aa3dcfc0d0bbb8a65b901565635fffd1db5fd89745c047a8202429055f
Opcode Fuzzy Hash: 587eb96d17ab2df190b4f3c317b64afb26d3117d21fceb39a1cea62bb7a9315f
Instruction Fuzzy Hash: F4C16C71D002199BDB25DFACD890BADFBB1FF48B10F58406DE601BB255D734A941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 017CFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0180BE0F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
API String ID: 0-865735534
Opcode ID: 9f97bc38e28b63e5b428cc478362a226a8befcf719a1a0b96b6246010dd727b9
Instruction ID: 51301f1812d337e27c4aabded50b88abf9008217a4a943a34f3907df2b592f08
Opcode Fuzzy Hash: 9f97bc38e28b63e5b428cc478362a226a8befcf719a1a0b96b6246010dd727b9
Instruction Fuzzy Hash: CEA1F475B006068BEB36DF6CC854B7AF7A6AF44B10F04456EEA16DB681DB30DE41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01792D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 017EFA4A

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: RTL: Re-Waiting
API String ID: 0-316354757
Opcode ID: 3a807ddb2bb41ac9fb0424c92b79567f43efebcd0fd762ebf9ebeb0f35aa436f
Instruction ID: c3ebafbcff172531a657d23d7b105c2056ac8ffc83dbab72c90269b3d2b5126c
Opcode Fuzzy Hash: 3a807ddb2bb41ac9fb0424c92b79567f43efebcd0fd762ebf9ebeb0f35aa436f
Instruction Fuzzy Hash: 77612331A00605ABEF32EF6CD888B7EFBF5EB49710F1406A9D6119B6C2C7349A44C781

Uniqueness

Uniqueness Score: -1.00%

Function 017CF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

@, xrefs: 017CF124

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction ID: cdf36d13c51aa04ebefb5e679687326372d56fc144dfbd358d6a686385e76016
Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction Fuzzy Hash: E2516A71504715ABC321DF19C840A6BFBF9FF88B10F008A2DFA9687690E7B4E944CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01813540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 0181358F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 7b62a05d4b9139ea19bfbcda5e1d17e2675318781a4f39ec405b926fcbc998d2
Instruction ID: eaacc0c83ebbfbc7a468c884604ee23574c957da522ba1fa0168c4d6a28fd147
Opcode Fuzzy Hash: 7b62a05d4b9139ea19bfbcda5e1d17e2675318781a4f39ec405b926fcbc998d2
Instruction Fuzzy Hash: BA4151F2D0052DABDB21DA54CC84FEEB77CAB45724F0045A5EB09AB245DB309F888F95

Uniqueness

Uniqueness Score: -1.00%

Function 018605AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

`, xrefs: 01860633

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction ID: 51389d94148f47e6dcf79307f0bd72e8a2fa400e60bd2719815e2bdd88949294
Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction Fuzzy Hash: 7231E23220430A6BE710DE28CD84F967B9DEBC4754F144229FA58DB2C0DB70EE04CB96

Uniqueness

Uniqueness Score: -1.00%

Function 017C4020, Relevance: 1.4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017C40E8

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
API String ID: 0-996340685
Opcode ID: c6a4ab608891b2dc98845a0a2f0d94c7e018119a86327c929ee752582707f691
Instruction ID: 7c8c1afb068d3b160528e308ff737a12a449916dd07794f21c5c90300aa7c55a
Opcode Fuzzy Hash: c6a4ab608891b2dc98845a0a2f0d94c7e018119a86327c929ee752582707f691
Instruction Fuzzy Hash: C5416075A0074A9BD725DFB8C4516EAFBF4FF59700F00496ED6AAC3240E330A655CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01813884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 018138B4

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: dd8d27b26ebe04d6cc56b348a42972790351b633587517da2cdb858be107a909
Instruction ID: 3e8ff80549b5d88c2c0ae270ad9ac81cead33f94b55db8da64e72f44f3a5d5a0
Opcode Fuzzy Hash: dd8d27b26ebe04d6cc56b348a42972790351b633587517da2cdb858be107a909
Instruction Fuzzy Hash: 6431FF7390050AAFEB16DB58C945EABFB79FB81B30F014169AE09E7285D7309F00C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 017CD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

@, xrefs: 017CD303

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7565c79cd0024d13d3f7dea1406decd6dec2b0f23a9d5c330effd7f4ebf2e6c0
Instruction ID: 401cda143379d0c50f8fbc170b0d62cf5850c1c26850786f85c80f19fbba8d28
Opcode Fuzzy Hash: 7565c79cd0024d13d3f7dea1406decd6dec2b0f23a9d5c330effd7f4ebf2e6c0
Instruction Fuzzy Hash: 1F316BB1508345DFC321DF68C984AABFBE8EB99B54F00092EF99583251E634DD04CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 017A1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

WindowsExcludedProcs, xrefs: 017A1BC5

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: WindowsExcludedProcs
API String ID: 0-3583428290
Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction ID: d229699cfcfaec9eb8662702271beaa5b1287ef628891d8ffd0dc8025ea5939c
Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction Fuzzy Hash: 4721293B500229ABEB269E59C884F9BFBBDEFD1A60F854565FE048B304D630DC00D7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01848DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

Critical error detected %lx, xrefs: 01848E21

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: Critical error detected %lx
API String ID: 0-802127002
Opcode ID: 7d62a7263aecc6319d8a74a0390424c5fd5ad1bf8a74ead5f79e23b1f854564c
Instruction ID: 25aef7a083421bbb8f93bdd40f4dca9ed372e876dc26a41dfec42e6b10500be8
Opcode Fuzzy Hash: 7d62a7263aecc6319d8a74a0390424c5fd5ad1bf8a74ead5f79e23b1f854564c
Instruction Fuzzy Hash: 471153B1D44348EBDB25DFE8C5097ECBBF0AB19714F20422EE528AB282C6344602CF14

Uniqueness

Uniqueness Score: -1.00%

Function 01865BA5, Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d889f536c0063d7e7c1decc056b2fc03bcabf6ceac163f3fbebf7d702063a8c
Instruction ID: 505ac4a23add9996870ce599ef591d517feae331621cf8e8d6c7aded1b7056c0
Opcode Fuzzy Hash: 9d889f536c0063d7e7c1decc056b2fc03bcabf6ceac163f3fbebf7d702063a8c
Instruction Fuzzy Hash: 6D425B71D00269CFDB24CF68C980BA9BBB5FF45304F2481AAD94DEB242E7749A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01855A4F, Relevance: .6, Instructions: 581COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd5163421565808c149003d02c55e1cb4122e2db6142a2775585a63b6d1381b9
Instruction ID: 2daa4bb9640e30ab0307885e52811ea2385a489ccc8dfe2edbf7ab1bc1c41ef4
Opcode Fuzzy Hash: dd5163421565808c149003d02c55e1cb4122e2db6142a2775585a63b6d1381b9
Instruction Fuzzy Hash: 23227135A002168FDB59CF5DC4906AEB7B2FF88714F28856DD951EB345EB30AE42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 018560F5, Relevance: .6, Instructions: 558COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcf30b7115d316a2c9ff51d143bb29b088577d740eda55cbecf2994d391cde8
Instruction ID: c2211afe23ea2703204f8c1a90d593505f772419cf0fcadc7de09e7ac3d07870
Opcode Fuzzy Hash: 0bcf30b7115d316a2c9ff51d143bb29b088577d740eda55cbecf2994d391cde8
Instruction Fuzzy Hash: 6C22B3356043118FDB59CF18C4D0A2AB7E2FF88314F648A6DE996CB355E730EA45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017B4120, Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26079b5b74eedf662f58ddfe9019844d3080cc0410eef3475940b0aefa2e5f15
Instruction ID: 5b55288cddeea2d7ee8e174dc01d6c3e6417f911b27150c806af55d9f43b84eb
Opcode Fuzzy Hash: 26079b5b74eedf662f58ddfe9019844d3080cc0410eef3475940b0aefa2e5f15
Instruction Fuzzy Hash: 9EF16A706086118FD724CF19C484BBAF7E1AF88714F15496EF5878B3A2EB34D891CB52

Uniqueness

Uniqueness Score: -1.00%

Function 017C20A0, Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7970685093c094e4377a88dba253a95b266cbb241d1a3791bb9f0d2e6c4aafe9
Instruction ID: 50d3071c9841d7a2c598bed1826561764d7edd9c1870655380e5ab19e08aedb0
Opcode Fuzzy Hash: 7970685093c094e4377a88dba253a95b266cbb241d1a3791bb9f0d2e6c4aafe9
Instruction Fuzzy Hash: 39F111316083059FEB26CB2CC84476ABBE2AFC5B24F05856DE995DB282D734D940CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01796800, Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7abdb0f6f96ae2f767362e315880a293da6716c3484b6f676ec0d0d660659e4
Instruction ID: e420ea671798fac8d60c7f51c18e500b36cb705509cb6115a4499df9e7af087c
Opcode Fuzzy Hash: c7abdb0f6f96ae2f767362e315880a293da6716c3484b6f676ec0d0d660659e4
Instruction Fuzzy Hash: 52D19F71A0020ADBDF14DF68D891ABAF7B4EF15314F14426DFA16DB280E734E949CB60

Uniqueness

Uniqueness Score: -1.00%

Function 017C65A0, Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51744795a25aabf519569e41856d7ce02bfb96152e66cd7a2db259a055463025
Instruction ID: 7dcb189454b6a32cdd8eecd575578359cc79068c7ae7a4bc435953249802d360
Opcode Fuzzy Hash: 51744795a25aabf519569e41856d7ce02bfb96152e66cd7a2db259a055463025
Instruction Fuzzy Hash: EDE16D75A002098FDB18CF59C880AAAFBF1FF48710F54816DE955EB395D734EA81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 017AD5E0, Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b709bda27e8de0a28c28e29d5d0087cf30a0a433fed6c2ed92f4982e5e510384
Instruction ID: 3f094f5c39076f2d2a6204e0842e6dcab07874cfdf183c2bcc8bd59d7103014f
Opcode Fuzzy Hash: b709bda27e8de0a28c28e29d5d0087cf30a0a433fed6c2ed92f4982e5e510384
Instruction Fuzzy Hash: B6E1C130A0025ACFEB35DF58C984BAAFBB2BF85304F44029DDA0997691DB74A981CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01793ACA, Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1105b6962e250028d56f3f7f1b265319444d015af065429acd799b3b2d3b3527
Instruction ID: 9a44e98a9001ccbf1540672a07da21923fe749516d659470f5675b2a69c98b7c
Opcode Fuzzy Hash: 1105b6962e250028d56f3f7f1b265319444d015af065429acd799b3b2d3b3527
Instruction Fuzzy Hash: 2EE1EC70E01648DFCF25CFA9D984AAEFBF2BF48300F24456AE546A7261D730A985CF10

Uniqueness

Uniqueness Score: -1.00%

Function 017BB236, Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction ID: 02c98fa72fccf3d5a78283e0abd013b8b53cda8b74941248124f11a79fc66004
Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
Instruction Fuzzy Hash: F1B1B031A0460A9FDB16CBA9C8D4BBEBBB6EF84304F1401A9EA42D7385D770DA40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 017C513A, Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c0355380cc41e45179c6e523879e45f776b4c10e93d5c0113b602b171a1ffa
Instruction ID: fa727d36daf7242deb01936c5d4436aeec9d6d98e9984e8b5b033f1ddbeef811
Opcode Fuzzy Hash: f3c0355380cc41e45179c6e523879e45f776b4c10e93d5c0113b602b171a1ffa
Instruction Fuzzy Hash: 23C124756083818FD355CF28C980A5AFBF1BF88704F244A6EF9998B392D771E945CB42

Uniqueness

Uniqueness Score: -1.00%

Function 017C03E2, Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f03203bc6066e78946d2bb3ce7c762e91f3e16df637c1ad3909882769816b5
Instruction ID: db0c6cc5512b6f185664d1f184a4907e35d4af7f9f77322d2edb27bee14b7ac3
Opcode Fuzzy Hash: 86f03203bc6066e78946d2bb3ce7c762e91f3e16df637c1ad3909882769816b5
Instruction Fuzzy Hash: 1A91E635E40259DFEB229B6CDC48BAEFBA4AB01B24F150269FA11E72D1D7749E40C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 017CDA88, Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b92aa00bc6d3a379d2f495664edec07cc1b901d83597352ab0aecdad7940d90
Instruction ID: f59b1169c47cd70383197aa9c745b393ae7175c284354251524e731644ce2ef0
Opcode Fuzzy Hash: 9b92aa00bc6d3a379d2f495664edec07cc1b901d83597352ab0aecdad7940d90
Instruction Fuzzy Hash: B2A16974A042058FDB35DF9CC580BA9FBE0BF48714F2445AED9119B296E771DA82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01795AC0, Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2933788c4808bfad533a83b3003570b730c939a176258b5371a257f42592afd9
Instruction ID: 394f848372b953001ef1d82cd4eae920cc78a457e081046c2ef435798af4f39a
Opcode Fuzzy Hash: 2933788c4808bfad533a83b3003570b730c939a176258b5371a257f42592afd9
Instruction Fuzzy Hash: 0B81B4B5A001298BDF258B68CD40BEAF7B8AB44314F4441AE9B15E3281EB74DEC58B95

Uniqueness

Uniqueness Score: -1.00%

Function 017C138B, Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction ID: bd9853f2da6f36e19a9ebad426fdd1bcd9e92d4823dd6871dec263ea817ba8b6
Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
Instruction Fuzzy Hash: 98816B75A00649DFDB25CF68C884BAAFBF5EF48700F14856DE956C7692D330EA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0182B8D0, Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3566ec2df4405ee8bb98faf68e68498922e0af06f9bd69420455da0b37a97bd
Instruction ID: d101d4c27027ac7c97524642903337f22f3c6b3a6bf18d81340f7c2c59d82c0c
Opcode Fuzzy Hash: a3566ec2df4405ee8bb98faf68e68498922e0af06f9bd69420455da0b37a97bd
Instruction Fuzzy Hash: 1271E132202716AFE7329F18C845F56BBF5EB44724F144528E656DB2E1EB71EA80CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01816DC9, Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction ID: 63811d3fbccabfad03b1a355b817ba35afd65469b98426ecb55b336945d2a0a9
Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction Fuzzy Hash: 28717F72E00219EFDB10DFA8C984AEEFBB9FF48714F104569E505E7254EB34AA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017AF370, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bd3e041e034337ca81c4d8501f51048365d5e92dac3406b74046888d4c83a49
Instruction ID: d0317ef870de52d6d39f6d1fad027680879f36979a648a0c31ac4932d71baa15
Opcode Fuzzy Hash: 0bd3e041e034337ca81c4d8501f51048365d5e92dac3406b74046888d4c83a49
Instruction Fuzzy Hash: 3D61EE32A052158BCB29CF5CC4807AEFBB1EF85710B9982A9E955DF345DB34D942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0179395E, Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c4ee65b584820a852363e2a19ce469667503a2fa0e7e1c0f764603c4663b8ec
Instruction ID: ca6245f7f0831cfacf377c930db02ad2a688a042d8b8cb6fce4de2666b6e5c07
Opcode Fuzzy Hash: 3c4ee65b584820a852363e2a19ce469667503a2fa0e7e1c0f764603c4663b8ec
Instruction Fuzzy Hash: 4351A071A007469FDB34DF69D888B6BF7AAFF45319F00452DE10687615CB78EA48CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0179B171, Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a18f5864363b79de1df38f3d3d91a430298f6ce748d12dc3a211663619e2bdb1
Instruction ID: 0f06fc2fd51208441a82f6cc815aa5a9e825c23ed7bf770693f2512f711b5771
Opcode Fuzzy Hash: a18f5864363b79de1df38f3d3d91a430298f6ce748d12dc3a211663619e2bdb1
Instruction Fuzzy Hash: 3F51AC71E0025A8BEB31CF68C844BAFFBF0AF04710F1141ADDA5AAB386D7744985CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017C95EC, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbbb0c9f816e4341c04a5a26a05b6dc81e27651a85ed76c2bdf03ec3ab00d987
Instruction ID: 19e61ae39b555fcceeb4de09293de59de7e20b242ffacd3245a69f7c3f4734ba
Opcode Fuzzy Hash: bbbb0c9f816e4341c04a5a26a05b6dc81e27651a85ed76c2bdf03ec3ab00d987
Instruction Fuzzy Hash: 5A51BD71A0060AAFDB56DF68C848BBEFBB4BF54719F00416DD616A72A1DB749A10CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0185B581, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3357c7473cd300f00aee481158c2c11523ecddc46f100ad4d96e084ce8768785
Instruction ID: 485f56bca1eb1162ee9c3e1e30818445d59ccb17623d09591bfc09ca7c295d80
Opcode Fuzzy Hash: 3357c7473cd300f00aee481158c2c11523ecddc46f100ad4d96e084ce8768785
Instruction Fuzzy Hash: 3851F5316047468FE395DF28C594B66BBE6FFA0308F080569ED45CB290EB30EA05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017952A5, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddd018ca3713c6c961c95b54c32a58a408d8a2f95526a5cc031e433f05f8a23a
Instruction ID: 284be0fbaa3a9ce93bd251640b27926573c4e42975c9829da0430057347f12cd
Opcode Fuzzy Hash: ddd018ca3713c6c961c95b54c32a58a408d8a2f95526a5cc031e433f05f8a23a
Instruction Fuzzy Hash: A351DD71109342ABD722EF28C844B2BFBE5FF94710F14096EF59587692E774E848CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017C2AE4, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b4cb0bb34de5e00194ba5c8718c83e17b0454cea6e644dcc5187a0916548d3e
Instruction ID: 775111d6ed307b52f36b63317dcd14c8fe61056133a2c2c3028e0f2c855fd245
Opcode Fuzzy Hash: 7b4cb0bb34de5e00194ba5c8718c83e17b0454cea6e644dcc5187a0916548d3e
Instruction Fuzzy Hash: A351A176B00115CFCB28DF1CC8949BDF7B1FB88B00719855EE846AB366E730AA51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017C3C3E, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8482ff09958b53dd573dec94abfd41b2de98c4ce51906cd70cb43b6a59632723
Instruction ID: 31e8d2ea6b303e45c9e0ce5c10a865a15ba1ae25481768ae9780b9fa56e1166f
Opcode Fuzzy Hash: 8482ff09958b53dd573dec94abfd41b2de98c4ce51906cd70cb43b6a59632723
Instruction Fuzzy Hash: 75518171608341AFD751DF29C884A6AF7E8FF84714F14896DF899C7281D770DA05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017BDBE9, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bde05d17d94f4916a91742ac931dabfb954d9134926faf94f94d1e9e972a4195
Instruction ID: 43397dcb6d67083c810f95caf7e6b15e282b87c10f136970ad244202f529e1ae
Opcode Fuzzy Hash: bde05d17d94f4916a91742ac931dabfb954d9134926faf94f94d1e9e972a4195
Instruction Fuzzy Hash: DE518F71A00606CFCB25CFA8C4D07AEFBF1BB49318F20815AD955A7344DB30A984CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017D4D51, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction ID: 76b832549d6c29df71c412e00dab7631d60ab89fdc2498be7dc938a321a502a4
Opcode Fuzzy Hash: 57c987ef142df1584dd8d639fa8fc84791a5094b44c6db83ae1c023477dd8020
Instruction Fuzzy Hash: 9C516735A00619DFCB15CF88C480AADF7B1FF88710F2481A9D956EB791D730AE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017C2990, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91abb40150e64b714f83420b6bcabbf26f095effc3280c7d534a5a1fa0bc71e5
Instruction ID: e356c931985dcf4c0618d737c82b78bb29a2f1b6ab4630068c038271f80c4101
Opcode Fuzzy Hash: 91abb40150e64b714f83420b6bcabbf26f095effc3280c7d534a5a1fa0bc71e5
Instruction Fuzzy Hash: 3D516A3190020AEFDF26DF58C840ADEBBB5BF48B10F04815DE901AB261C7759E52CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01795050, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b034012b417ade335a343487d605bbb562a6e7e4c1dcf35b7fe38e368e87b07a
Instruction ID: 784c6458fe9b72268595a9ecc9be540380968f2bfed530b1b3892ddc0095bb10
Opcode Fuzzy Hash: b034012b417ade335a343487d605bbb562a6e7e4c1dcf35b7fe38e368e87b07a
Instruction Fuzzy Hash: ED4104766443129BC725EF28D884BABFBA5AF94710F10092DFA958B381E730DC45C7D5

Uniqueness

Uniqueness Score: -1.00%

Function 017C4BAD, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0d76d63cae97a7de115913a02db00356752418baa31dc6683f4376c7b46bf12
Instruction ID: 3099b68efd02aee78998e582db077500499a8b340e79373377a350b14c970fc2
Opcode Fuzzy Hash: c0d76d63cae97a7de115913a02db00356752418baa31dc6683f4376c7b46bf12
Instruction Fuzzy Hash: DF41B435A0022D9BDB31DF68CD44BEAB7B4AF45B00F0101A9E909EB251EB349E84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017C4D3B, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d783be487f9ba194660e9c1a19fe421d114c31b072ccd3f982091a14214c4c
Instruction ID: 292017d364120a14b1d48f483d914f3aa685b4f9887114e92f39e803d3768387
Opcode Fuzzy Hash: e1d783be487f9ba194660e9c1a19fe421d114c31b072ccd3f982091a14214c4c
Instruction Fuzzy Hash: CA41B171A403189FEB22DF18CC94FAAFBB9EB45B10F05009DE9469B285D774DE44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017BF86D, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c56c19aa8976682a0ccd1552df44adc62c46fee3b741774204cf610001308cfc
Instruction ID: 58e2beab0809cf3d2869695b61d8e48254554e21c1185821e9d76a1445300041
Opcode Fuzzy Hash: c56c19aa8976682a0ccd1552df44adc62c46fee3b741774204cf610001308cfc
Instruction Fuzzy Hash: 7241A3B1A0020AEFEB229FACCC88BEDF7B5BF58B14F14041DE640E7251D77599408B90

Uniqueness

Uniqueness Score: -1.00%

Function 01826365, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
Instruction ID: 81ec3d4c8126a1689a6ee713aa2eeeeafb957d4017f82ddbcd5fce3fc86ffc98
Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
Instruction Fuzzy Hash: C541D236600125EBDB26DF68CC94BAF7B79EF44714F294168EE029B291E731DE41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 01791AA0, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction ID: 64abceffda8d60bf6cfaa94c41b7c5aa65c6514133a0d669a024f859fda44e04
Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
Instruction Fuzzy Hash: CA413F71A00606EFDB24CF99D980AAAFBF9FF18310B5085ADE556D7650E330EA58CB50

Uniqueness

Uniqueness Score: -1.00%

Function 017A0100, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c977da5f8ec098367819cca65a9af9119e126b8f1b23582fc640b1bfc990b9
Instruction ID: 73a9d9643ee6f7ceb7ed2256ec4482a104c22147e83f03fffeca4aac147a208d
Opcode Fuzzy Hash: c2c977da5f8ec098367819cca65a9af9119e126b8f1b23582fc640b1bfc990b9
Instruction Fuzzy Hash: 7541B931945205CFDF21DF68CA807EEBBB0BF58314F540659E511AB396E335AA80CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 017A8A0A, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27fe7c11a55fdb1146b2f804453ba2b157f74f83f5a37ac9ccbb47c60d10e26a
Instruction ID: e5eca4d6e02e63e035635bf445b8930dc07d956bb2fd84241d0d94daaec613e4
Opcode Fuzzy Hash: 27fe7c11a55fdb1146b2f804453ba2b157f74f83f5a37ac9ccbb47c60d10e26a
Instruction Fuzzy Hash: 794181B0A0122D9BDB24DF19CC98BA9F7F4FB94301F5042EAE91997242E7709E80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0185AA16, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction ID: e6cc6dc6fdc4ebc8879f74dd01a2d0d45203960438c9961a96cd4eb2486cbd6f
Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction Fuzzy Hash: 3031F332F001056BEB598B69C8C5BAFFBABEF84310F094569ED05E7291DA749E04C691

Uniqueness

Uniqueness Score: -1.00%

Function 0185FDE2, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction ID: f35eafb2f5a564c8ccb1542abd79ddee7d30a92e034baee2a53229ae470c4d41
Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction Fuzzy Hash: DD3116322006456FD362976CC844F6ABBEAEFC5750F184558EE46CB742DA74DE41C760

Uniqueness

Uniqueness Score: -1.00%

Function 0185EA55, Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction ID: 3ef16f1643132cf581f082f2f40682b1904623121ad792bb5f37c1ccd1ea21bd
Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction Fuzzy Hash: C03192726047069BC759DF28CC84A5BF7AAFBD0350F044A2DE956C7645DE30EA09C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 017AB433, Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
Instruction ID: 90308a17812c818939ef28cef20a017033809bf49489c65855157fc63be1c0ff
Opcode Fuzzy Hash: 9ce7baec8dd61d033a2283f6c29e1c0cbcb02c42f85a1c7a17e92119e31cdb3b
Instruction Fuzzy Hash: 09412832600645AFDB22CBACCC84FDAFBF9EF54350F0482A6E45997352C774A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 018169A6, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46732f5effea686d105bc4112e4f751030a5687e29e93072bad852904187e208
Instruction ID: ee61fd9ba2e0689db065e2e7d03b6142bbcf348f9aad113ffee7e8e3b4c11571
Opcode Fuzzy Hash: 46732f5effea686d105bc4112e4f751030a5687e29e93072bad852904187e208
Instruction Fuzzy Hash: C7415CB2D012099FDB24DFA9D940BEEFBF8EF48714F14812AE954E7244EB749A05CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01795210, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cbd3710656da5ee92dd44e96259fdd11eab2af55eb0d6aabde5e4d451c10e09
Instruction ID: a1e44765d8074c77c395e30b796e3f88128e8e98da5da86f87a748455ecbd667
Opcode Fuzzy Hash: 9cbd3710656da5ee92dd44e96259fdd11eab2af55eb0d6aabde5e4d451c10e09
Instruction Fuzzy Hash: 70312431245611EBCB26AB28D984F6BF7B6FF50760F10466EF6164B3E6DB30E840C690

Uniqueness

Uniqueness Score: -1.00%

Function 017D3D43, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7e4741b8778e3516e1ddfc37fe53e7608cf89caef46162b50ed6eb25134740
Instruction ID: afd121ae91781f4a83fafaea9412b79fd022510fd3457a20f0b05a7c0afb3fc0
Opcode Fuzzy Hash: 7d7e4741b8778e3516e1ddfc37fe53e7608cf89caef46162b50ed6eb25134740
Instruction Fuzzy Hash: 7331AFB1601619DBD7298F2DC841A6BFBB5FF89710B0584AEE945CB390E730D880CB92

Uniqueness

Uniqueness Score: -1.00%

Function 017BC182, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction ID: c94f8517fb5e62ce6b691571f41f63299ef66082d54ec65d024fa4b3ba85280e
Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction Fuzzy Hash: 7031487160558BBFD706EBB4C8C4BE9FB58BF52200F04C15AD51C97245DB346A49C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 01817016, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a821d5f9305c07fa64e21ed8e73aa6a29418cfbae1e9acfb78c188b0065860
Instruction ID: 0076ca3ea976b1fdb3b57e0a78c387c447008f6d605dd1e2a20ecf763ab87e93
Opcode Fuzzy Hash: 83a821d5f9305c07fa64e21ed8e73aa6a29418cfbae1e9acfb78c188b0065860
Instruction Fuzzy Hash: 4031A4736047519BC320DF6CC940A6AB7E9BFC8700F054A2DF995C7694E730EA04C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 017C53C5, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38647e7d360a7422ffa34a748f4f90478a358a0b8b219f5b337ffc37080d02f6
Instruction ID: 7bdd678119753bf2b80e22aa3e78dfd33989772f731a6549fa9805c8ad47875a
Opcode Fuzzy Hash: 38647e7d360a7422ffa34a748f4f90478a358a0b8b219f5b337ffc37080d02f6
Instruction Fuzzy Hash: C241E5307047498BDB72CBB8881479FFAE2AF55304F14062DC186A7281DB756A05CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 01843D40, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a13ff94fde283ee312341f45583a4324fed4766d1cef868f9e81b74f5d4b927
Instruction ID: 34f0dba5ba47be4fc7ad4b3ee4ba2455504a0dd30e505ac9aa78f13ff678e3bf
Opcode Fuzzy Hash: 3a13ff94fde283ee312341f45583a4324fed4766d1cef868f9e81b74f5d4b927
Instruction Fuzzy Hash: 16319A7150A316CFCB24EF18C48495AFBE1FF85704F44896EE898CB645EB30EA04CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01793880, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba1b5e04807a8902d71e76b0f8411d00497590f9eaebbf04df11d9f53f11fa9
Instruction ID: 9999c8b179a539f4bbbc2968568d74d4ab835d39397f0053bd4d0986b6415892
Opcode Fuzzy Hash: 9ba1b5e04807a8902d71e76b0f8411d00497590f9eaebbf04df11d9f53f11fa9
Instruction Fuzzy Hash: 0A31C432E00219AFDB21DEB9D884BAEFBF9FB08320F014565E915E7650D7309E049BD0

Uniqueness

Uniqueness Score: -1.00%

Function 0185A189, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 383fd44054bb0f01b1384e5bee79c02d25a9cb7c618266ea0ca5db91186f5978
Instruction ID: de0c7252d42dd095b3ccf2b48bccbfd83f31d5b7ea45ef66ed2e8664b1566bc0
Opcode Fuzzy Hash: 383fd44054bb0f01b1384e5bee79c02d25a9cb7c618266ea0ca5db91186f5978
Instruction Fuzzy Hash: 6B313831A40616EBCB1A9F9DC8C0B6EBBB8EF45754F100169E916DB341EB70DF008790

Uniqueness

Uniqueness Score: -1.00%

Function 017C61A0, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea9043fdba397be7f295e82b57f00fa9ad92533b06da200b676cc524a8f55dd
Instruction ID: 476c29ed7c3811f3e5b5c328ff8f559d35531af692b165095aa172117ccc09cc
Opcode Fuzzy Hash: aea9043fdba397be7f295e82b57f00fa9ad92533b06da200b676cc524a8f55dd
Instruction Fuzzy Hash: D23159716097018FE361CF1DC840B26FBE5AB88B00F45496DFA95DB391E770E9048B92

Uniqueness

Uniqueness Score: -1.00%

Function 0179AA16, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9447de5e87e9d8357b6f7462ce0c42401a6beb8095d973d003da87326c17dfb3
Instruction ID: a5883805945ab835e12e199c6d52cfcd05ee7b1ee18e1ceb56ebe9087f797c98
Opcode Fuzzy Hash: 9447de5e87e9d8357b6f7462ce0c42401a6beb8095d973d003da87326c17dfb3
Instruction Fuzzy Hash: 6B31B171A0061AABCF119F68DD81ABFF7B9EF44700F41406DF902EB254E774AA11DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017D4A2C, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 446cc9a5db6b685e0153db83bdcaca0630195d675bd297e7dae968a5f7057f0b
Instruction ID: 7dda6eedbc96a8626aa82bf90f47f4cea8d36335be122e6f0e2a6fa2b85910bc
Opcode Fuzzy Hash: 446cc9a5db6b685e0153db83bdcaca0630195d675bd297e7dae968a5f7057f0b
Instruction Fuzzy Hash: A53123322052499BC732EF18C988B2AFBF4FFC1704F404569E5529BA41C774EA00CB86

Uniqueness

Uniqueness Score: -1.00%

Function 017978D6, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
Instruction ID: 8921cc662cb13e1f178154ed5827c245180facd73e79017626392ed5a5f87eff
Opcode Fuzzy Hash: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
Instruction Fuzzy Hash: 9A3134B2600604AFDB15CF18CC80B5AFBB9EF89750F184199E549CF342DA35DD41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01799100, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7e0dd8331ed2365b2d0c4908d0f3cc8141b77bb2ff5b28be341b4ef9e2f412
Instruction ID: be684768bcf9360839f743dd48dbc51eb54fb80da3731cc070204bc3e7d4ff5d
Opcode Fuzzy Hash: 0f7e0dd8331ed2365b2d0c4908d0f3cc8141b77bb2ff5b28be341b4ef9e2f412
Instruction Fuzzy Hash: 2631B2B1A45245DFEF26DB6CD48C7ADFBF1BB49358F18818DC604A7241C330A988CB52

Uniqueness

Uniqueness Score: -1.00%

Function 017CF527, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction ID: 1d92ced8a0d663d84accfaf07016440b08e426211887a2f0be53e0d0acbbb903
Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
Instruction Fuzzy Hash: 86319831600649EFD725CF68C884F6AB7B9EF84750F2005A9EA15CB290EB30EE01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 017C1DB5, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction ID: 9817cba27d239270a32aac4aa3ff13456c6cb86bbc27c8e316c749520a8683bd
Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction Fuzzy Hash: 81219F72600119FBD721CF59CC84EAAFBBDEF89B41F5140ADEA01D7211D634AE01DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 017B8D76, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4fcda0383ff18b7fc4df227ed0a573179558d7e1bafc3c6cb48b7b5826a7f23
Instruction ID: cb4a1eb11aa6236bba98a3bb8d7de4e0cbb57027b1765ddc8a7bb05aa04295ab
Opcode Fuzzy Hash: a4fcda0383ff18b7fc4df227ed0a573179558d7e1bafc3c6cb48b7b5826a7f23
Instruction Fuzzy Hash: 2421AD39241A80CFE7668B2CC4D4BB6B7E8EB59745F084497F982CB691D739D8C1C712

Uniqueness

Uniqueness Score: -1.00%

Function 017B0050, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b92688de5f90d8d4a3077ade2ee00eb3bb24c6db2f95a1816d275ba8d7ffe073
Instruction ID: a38b6755cc37eb0afda9f8728818c3f7ca6c895a83323c1310d9920ad82a5822
Opcode Fuzzy Hash: b92688de5f90d8d4a3077ade2ee00eb3bb24c6db2f95a1816d275ba8d7ffe073
Instruction Fuzzy Hash: B0317A31201B048FD726CF28C884B9BF7F5FB89714F14466DE59A87A90EB35A801CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0183CD04, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18134d4bfe994478ef76b196bd8d3741027ff20cecb89e66292862227d82678b
Instruction ID: 8ea41b88e38d91ebb726397759a918909ac508c6b618fa4b1a8deadeb5aa0a91
Opcode Fuzzy Hash: 18134d4bfe994478ef76b196bd8d3741027ff20cecb89e66292862227d82678b
Instruction Fuzzy Hash: 6731B575E106199FCB11DFA8C888AECBBF5BF88740F19416AE901F7255D7749A40CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0186F1B5, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2768384c65b40bb9ac8a5e675acb4278360b5cb2aac78849f96482c48abbbad
Instruction ID: 0782bb7eb86fb017a887444780cf5a85b9937ca6bd12adc6915561b99d39dc4e
Opcode Fuzzy Hash: f2768384c65b40bb9ac8a5e675acb4278360b5cb2aac78849f96482c48abbbad
Instruction Fuzzy Hash: 1321D07AA00915EBEB228F49E894F9ABBB8FF46750F014065EA04DB354D730EE10CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01794A20, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f264c96e61244a18f06d1510393cb93d05855abdeb39ca7d519caffa415f5740
Instruction ID: dbcd945f2986753b2f52c469c635fb4e19d6700a6f0a13c4aeb6998cfa9a33de
Opcode Fuzzy Hash: f264c96e61244a18f06d1510393cb93d05855abdeb39ca7d519caffa415f5740
Instruction Fuzzy Hash: D721E731100A01DFCF32AA29EE04B2BF7A6FB51324F10075DE557467E6E634AB4ACB95

Uniqueness

Uniqueness Score: -1.00%

Function 017D90AF, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction ID: d1b02b064194428d5968f866e2eaff737d7687327a32f7e4404f2bfdea1c57a4
Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction Fuzzy Hash: 9C219571A00209EFDB21DF69C888E9AFBF8EB54714F14846EEA45D7200D331ED40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017C3B7A, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2115f8f8c9bc2a62bf5f7668abf5e650778436374b399f7eecf3abdab5834796
Instruction ID: 67f8a15e781792e39010a5bcbab89672eb261785653c18f67773513453e4cd38
Opcode Fuzzy Hash: 2115f8f8c9bc2a62bf5f7668abf5e650778436374b399f7eecf3abdab5834796
Instruction Fuzzy Hash: 96218E72A00119AFC715DF58CD81B6EBBBDFB45708F25406CEA09AB252D371EE118B90

Uniqueness

Uniqueness Score: -1.00%

Function 01794B94, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction ID: 460146755829e7f1fee9cda93873878023f35e15b46146782a967f3f149da479
Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction Fuzzy Hash: 6431CE31900AA5DFDB28CF68D680679F7F4FF49210F1486A9C86A97660E770A946CB40

Uniqueness

Uniqueness Score: -1.00%

Function 017A28AE, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f76d147118bd2cec2c7a5f8c37b5bb450b51483a55f673ab254771347250c1
Instruction ID: f339559a1ccc7e2f6089612186455f186d09097bd238493d132f4a1c2628e3ff
Opcode Fuzzy Hash: 49f76d147118bd2cec2c7a5f8c37b5bb450b51483a55f673ab254771347250c1
Instruction Fuzzy Hash: D421F332645781DBF726976C8C48F25BB94AF81B74F2807A4FA209B7E3DB689840C211

Uniqueness

Uniqueness Score: -1.00%

Function 0179519E, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55509ed85bbfaf62ef423de73160271fddeab98b61cc80787d1461a020f6c50
Instruction ID: 24bf8a0b7861979d6724d5e07f825d6e57a2053c2a42e1224f2aa686972a0310
Opcode Fuzzy Hash: c55509ed85bbfaf62ef423de73160271fddeab98b61cc80787d1461a020f6c50
Instruction Fuzzy Hash: 141121B0941311ABCB21AF2CC840BEAFBE6EB14710F2402ABFA4697380E631C845C650

Uniqueness

Uniqueness Score: -1.00%

Function 017912D4, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction ID: d9af648c81af6caa39ce1227b18c5d4920e0aef3126dc50a785f59b78e243975
Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
Instruction Fuzzy Hash: 0B11E67260060AFFDB229E54D845F9AFBB9EB85760F104029EA058B640D671EE58D750

Uniqueness

Uniqueness Score: -1.00%

Function 017CFD9B, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction ID: f64464a08890c8a0742c7d7950bc6e0475e9784faf1d92b7debbd1dd10c04d12
Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction Fuzzy Hash: 50217C72600A45DBD735CF0DC540A66F7E6EB98F10F2481AEE94587615D731DD40CF80

Uniqueness

Uniqueness Score: -1.00%

Function 017C12BD, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d217a3cfd09985d29a8c7fa9b01a5a1818ecffe2ff88266b4c0f9fb24e43986
Instruction ID: bc4eba63a84a8f2abc3f786f72d2d924674a32dcb96813b499a99466c6e5d60f
Opcode Fuzzy Hash: 6d217a3cfd09985d29a8c7fa9b01a5a1818ecffe2ff88266b4c0f9fb24e43986
Instruction Fuzzy Hash: 82216771600600EFD735CF28C880BAAF7E9FB48B54F51886DE59ECB652DA30A940CB60

Uniqueness

Uniqueness Score: -1.00%

Function 017D5A69, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ce4b8e15514318c65586269ef79d28d8919f99409300497b145d78714b5028
Instruction ID: 98cf8381d5a04ec3b6c5744a81b2bd81ab84f6efd85a734f97c2a09c0fa29750
Opcode Fuzzy Hash: e0ce4b8e15514318c65586269ef79d28d8919f99409300497b145d78714b5028
Instruction Fuzzy Hash: DC110339241A698FE3268B2CC4E07B5FBF4EB81714F08449AE982C7791D369DE80CB51

Uniqueness

Uniqueness Score: -1.00%

Function 017CB390, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d76d01e640b75d1c637f83b70a67ea93d1eb3a10198847b82549fb7ee322c00
Instruction ID: 8a01167443a0e53a31caba089f166d4ae71c4d268e1ea061b1482b0bf755c1d5
Opcode Fuzzy Hash: 9d76d01e640b75d1c637f83b70a67ea93d1eb3a10198847b82549fb7ee322c00
Instruction Fuzzy Hash: 17116F333151145BCB2DDA188D81A6BB396EBC6770B65012DEE16DB3C0C9315D05C694

Uniqueness

Uniqueness Score: -1.00%

Function 01799240, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee132c801684b5cdb116d4cb589c13761dc4cf08b344ddd840187aef2dc9130
Instruction ID: d020de011090d2a80f7e7115d333b4f744b09a074df35c4250901cb4b287a1a0
Opcode Fuzzy Hash: 4ee132c801684b5cdb116d4cb589c13761dc4cf08b344ddd840187aef2dc9130
Instruction Fuzzy Hash: 3A215932041641DFC726EF68CA88F59F7F9FF18708F54456CE10A8A6A6CB34EA41CB44

Uniqueness

Uniqueness Score: -1.00%

Function 01793138, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction ID: d41a6fc73e7007d1337bdd2b9f6dea3638c227bde094b8ac49d51f179537a1c9
Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
Instruction Fuzzy Hash: 3411D375600704EFDB25CF64D848F66FBF9FB85314F10859DE4018B651EB71A946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0185E962, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction ID: 415955f26a50b9c1337d85deb1ddee753d6443d8b2bb6378169a0671fdc6713a
Opcode Fuzzy Hash: f7107f8a9a6e1912d5495caaf0dffdb465e6b2ac924055a9a8be1b481ae2b641
Instruction Fuzzy Hash: F311C432600519AFDB59CB58CC05AADFBB5EF84310F0482A9EC45D7350DA31AE51CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01824257, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e10dd4a5851d40114632ee56e618152cd1dccb436923eee9d17a76e071a19a6
Instruction ID: 267de8591efb4bae443d4a6c0acd673e79bde94fb2c89bd47d6d8f2b83161562
Opcode Fuzzy Hash: 7e10dd4a5851d40114632ee56e618152cd1dccb436923eee9d17a76e071a19a6
Instruction Fuzzy Hash: 0C216A70500A11CFC726FF6DD004A18BBF1FB86714BA4826EC115CB299DB32D691CF11

Uniqueness

Uniqueness Score: -1.00%

Function 017A28FD, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2411c04fe337035c001290e37dd0b233f6442e51b713293d56eaa849c6873be4
Instruction ID: d103ff8ed24b783922d0904173b2c45bfada5ec0ca18b53b48cde209e1e5123f
Opcode Fuzzy Hash: 2411c04fe337035c001290e37dd0b233f6442e51b713293d56eaa849c6873be4
Instruction Fuzzy Hash: 7E110836358640ABF32A536DCD48F23BB98DFD0B90F540169BA019B3D2DAA4D8008231

Uniqueness

Uniqueness Score: -1.00%

Function 017C2397, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eed90f6c90e5587eac672f70ab87d89a0ca2fa40c302aeb9341643624186246
Instruction ID: 85cea1c8955a14693d6cb21a535b3340650b66704e40da78a7d2e48f8a629aef
Opcode Fuzzy Hash: 4eed90f6c90e5587eac672f70ab87d89a0ca2fa40c302aeb9341643624186246
Instruction Fuzzy Hash: 5F112B3274430167E731A63DECC8B19F699FB61F10F54446EF602E7296CA74D940C754

Uniqueness

Uniqueness Score: -1.00%

Function 0179C962, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07283e6a491594bfb96a4804bc4ef3e01ac0306676c0271ada7e5aa77d554ee5
Instruction ID: a0a5bce045b6a0ebbac8eed5e58d6db3724440da59e1709944d6836cc67bea2b
Opcode Fuzzy Hash: 07283e6a491594bfb96a4804bc4ef3e01ac0306676c0271ada7e5aa77d554ee5
Instruction Fuzzy Hash: BD11E53230060A9BC762AF2CDC8592BB7F5BBC5710B200529E985C3691DF20FE15CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 017C002D, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction ID: 2cf218efd65b699e1a4448baeb8f6a45fb329a290a9759c5c5d73d2c9877f74f
Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction Fuzzy Hash: 0311E536241A85CFE76387ACC968B35BB94AB40B94F0A00E8EE04C76D2D328C981C290

Uniqueness

Uniqueness Score: -1.00%

Function 01799080, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1f78b47f5c07883284a9e2fad87bd283169fbfdcc5cc42c932ae8aa9437e7d
Instruction ID: 7bbe7fc540daa4ac834b746294bbca8c814b367c1a2cb99938054b959bc3aca3
Opcode Fuzzy Hash: 5c1f78b47f5c07883284a9e2fad87bd283169fbfdcc5cc42c932ae8aa9437e7d
Instruction Fuzzy Hash: 5301FF726012068FE7299F0CE844B16FBA9FF82328F21406AE211CB696C370DD41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 017C3B5A, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ace476f869eee02bb80aaf4b1a267db72139593954210252b5b77b859392f0
Instruction ID: de73b1e34e5b02618e1c3e4f252ed378c53d303e85657156bf18966c94a28714
Opcode Fuzzy Hash: 78ace476f869eee02bb80aaf4b1a267db72139593954210252b5b77b859392f0
Instruction Fuzzy Hash: D811E6365415549FCB6ADF4CCE80F6EB7B9BB48B00F55006CE505A7692D328ED10CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01851A5F, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6c931b131238b27ea2351accfcf2cab77baa03b6022bce350cfd4d82a12db5
Instruction ID: 145a9d3575c94b58544013d992292cd02e68e6c1b05c80dd626adce3439a1eb0
Opcode Fuzzy Hash: 2b6c931b131238b27ea2351accfcf2cab77baa03b6022bce350cfd4d82a12db5
Instruction Fuzzy Hash: A4116171A0121DAFCB10DFA8D845EAEBBF8EF44710F44406AF905EB380D6749A00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 017931E0, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction ID: d8beeb0b02c9cb10a91e7c1cb76120a0d4255fcbc4f02f609556dea14f42ac5c
Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction Fuzzy Hash: 2E01F5322047019FEB22D6BAE908AA7F7EEFFC9A10F144459EA468B540DA30F805CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01864015, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 118ba0d0be5ce1f20a6e070ede4e9380dd03b6bffc5d6a3aecae82762b0044e7
Instruction ID: 3445dcfd48fc941314e19c5aeb4d658b8a090c1a776bdeb8c11c04094cd176d4
Opcode Fuzzy Hash: 118ba0d0be5ce1f20a6e070ede4e9380dd03b6bffc5d6a3aecae82762b0044e7
Instruction Fuzzy Hash: 9101DF722019467FC655AB69CD88E57FBACFF95760B000229F508C7A12CB24ED11CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 018519D8, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9b03e02b402889bf1acb84548fb54d2b3b49af8c98b913306d00c2d2bf0317
Instruction ID: daef8a0efb8301152a867885d5c5b611e01323fb9ec4dff5af919ad145473019
Opcode Fuzzy Hash: 3d9b03e02b402889bf1acb84548fb54d2b3b49af8c98b913306d00c2d2bf0317
Instruction Fuzzy Hash: FD015271A0125DABDB14DFA9D849FAEBBB8EF45710F404056F901EB380D6749B01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01851951, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 447bd35479f8df0e9e61e24a697f32e5bc68debd3851fed043299351d21e2bcd
Instruction ID: 3a9aaab6190bdc9d18bd0a247ceadbeb047ea8e5b3582f2b4e1acdc1e8cb1501
Opcode Fuzzy Hash: 447bd35479f8df0e9e61e24a697f32e5bc68debd3851fed043299351d21e2bcd
Instruction Fuzzy Hash: A3015271A0121DABDB14DFA9D849FAFBBB8EF85710F404056F941EB380DA749B41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 018518CA, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3dc42fbcd379b19c2ab0f09283836984151c52844834c5ac19ca7defdf57f5
Instruction ID: b2358ad31cffbef730ff3e96e9ddd9750e1fcd367606400b2a3ec63df6b26074
Opcode Fuzzy Hash: ac3dc42fbcd379b19c2ab0f09283836984151c52844834c5ac19ca7defdf57f5
Instruction Fuzzy Hash: F2019271A0121DABCB14DFA9D849EAEFBB8EF45710F404056F901EB380D6749B01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017970C0, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction ID: 5eba38c49b5402a8f7f526e9eef1166b7b1f71e5577545a59140984997c7abad
Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction Fuzzy Hash: 83118B32520B02DFDB369E18D880B22F7E1BF50722F198868D5994A5A6C778E884CF10

Uniqueness

Uniqueness Score: -1.00%

Function 01851843, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb81ee26790b04db48dd954f623d7269bdd704f2285b5e8118ced5301d1c9ec
Instruction ID: 568cbc09132531fb8b9e53d2e62bef8b263c90e134c5f7bc37dee20b38c8899a
Opcode Fuzzy Hash: 0cb81ee26790b04db48dd954f623d7269bdd704f2285b5e8118ced5301d1c9ec
Instruction Fuzzy Hash: 28015271E0125DABDB14EFA9D849EAEBBB8EF85710F044056F901EB380DA749A40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0185138A, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8129d5a04acf6e7d23458e4e7c24748b0747072a72c59241a5780208a9f199ca
Instruction ID: 6159c0b5fd250b9734029571c84c36e10d99ca70943eab7a1cd5face31f2bdff
Opcode Fuzzy Hash: 8129d5a04acf6e7d23458e4e7c24748b0747072a72c59241a5780208a9f199ca
Instruction Fuzzy Hash: 94019271A0021CAFCB14DFA8D885FAEBBB8EF45700F004066F900EB280D6749B01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 017958EC, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 831231ef3c02a95f0d9e72c11ae8a8a8787c5de903396482b752a1bfbdd6c620
Instruction ID: 9e9858ba174462500e9d2daac95df55ec10a7510ad96b282ab8aaa46a083aede
Opcode Fuzzy Hash: 831231ef3c02a95f0d9e72c11ae8a8a8787c5de903396482b752a1bfbdd6c620
Instruction Fuzzy Hash: 2301A772A001199BEB15EF6DE8049AEF7ACFF46230F55416A9A05D7248DF30DE09C751

Uniqueness

Uniqueness Score: -1.00%

Function 017995F0, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction ID: 511115f621c22cce8345cf75e4e46208ea776d95da6c0bb3c604578519d4ed7f
Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
Instruction Fuzzy Hash: E2017B32A01244DBEF119B58D804F25F3A9AB81738F10415DEF058B390DB34EE08C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 01868966, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ee85a46dbcf64d313277bebc9631c8f3a9e5df27cdf0415832ce4415d78665
Instruction ID: 9534817a5bb9a94ff5269a4af4a035c27f2965bb70fa17d5bfd14d78b5abca61
Opcode Fuzzy Hash: 55ee85a46dbcf64d313277bebc9631c8f3a9e5df27cdf0415832ce4415d78665
Instruction Fuzzy Hash: D6010CB1A0021DAFDB04DFA9D945AAEF7F8FF59300F10445AE905E7380D774AA00CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 017AB02A, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction ID: 965366998612e2c5d1bab47f41ed3b5d85f973c6d48a5386e0a5535dc122f505
Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction Fuzzy Hash: 2C018F32240A80DFE726871CC988F67BBECEB85750F0941A5FA19CBA91D728DC40C621

Uniqueness

Uniqueness Score: -1.00%

Function 01861074, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9268fe59fb2852c7748d4881d7d0c1d8144fd935431c99edc2ff0d96b9d76714
Instruction ID: 723c29c3df08f4165a74ac1a24d0451b35d4a5f20d04b7aa166a6e770393e078
Opcode Fuzzy Hash: 9268fe59fb2852c7748d4881d7d0c1d8144fd935431c99edc2ff0d96b9d76714
Instruction Fuzzy Hash: 7A014C726047469FC711EF2CC948B1ABBE9ABC4310F048629F985C3291DE30DA40CB93

Uniqueness

Uniqueness Score: -1.00%

Function 0185129A, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e2d27dfc8a70006f24d4e24eed4a1397f27aeb864d7066f1f8b308c3c7a0a9a
Instruction ID: 05b4ea215a6d7b3345ba1079c76d715e6e5b18e47b437b0796a797b09894df56
Opcode Fuzzy Hash: 9e2d27dfc8a70006f24d4e24eed4a1397f27aeb864d7066f1f8b308c3c7a0a9a
Instruction Fuzzy Hash: CA01AC71A0025CABD714DFA9D849FAFB7B8EF95740F044066F905DB384D674DA00C794

Uniqueness

Uniqueness Score: -1.00%

Function 018689E7, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a297f9691d4c61cc908a343434a684e1db8dbb37f78bb431e109bcd364c782d9
Instruction ID: 6dff9ce072aeb9ab44d570a0633fec9639f88dafaa7e189b0487ccfa19f362c4
Opcode Fuzzy Hash: a297f9691d4c61cc908a343434a684e1db8dbb37f78bb431e109bcd364c782d9
Instruction Fuzzy Hash: AA012171A0021D9FDB00DFA9D9859EEFBB8EF59350F50405AF905E7340D634AA01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01868ADD, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aac0f134e68bf983013371a1b4d6234fcb83787c1a8d38c614d869411c8146
Instruction ID: f7144e5c038758bf60a7ec8651acd0357b38921b42de3cc9906f2cd5cf93511c
Opcode Fuzzy Hash: c3aac0f134e68bf983013371a1b4d6234fcb83787c1a8d38c614d869411c8146
Instruction Fuzzy Hash: 570121B1A0021D9FDB00DFA9D9559EEFBB8FF59310F50405AF904E7340D634AA01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01868A62, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 783b0bab82d245b1c7e0955f124508680e6096088d7d147e5a20932911335b12
Instruction ID: 559a7053b400bffb51fa42eaacc846a215eae8ec175cf2d24451d55e88ffa44b
Opcode Fuzzy Hash: 783b0bab82d245b1c7e0955f124508680e6096088d7d147e5a20932911335b12
Instruction Fuzzy Hash: 15012C71A0021DAFCB04DFA9D9459EEFBB8EF59310F10405AFA04E7381E634AA00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01869CB3, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4837a23f69ff976ed36b1c3e642a59bf5d288d41542f2bd82e24776a57b53be8
Instruction ID: 00bbafa066e23be511d2b85c4945b108c2e28f62b60d1df299327830dc8af751
Opcode Fuzzy Hash: 4837a23f69ff976ed36b1c3e642a59bf5d288d41542f2bd82e24776a57b53be8
Instruction Fuzzy Hash: 10012171A0121DAFDB00DFA9D9459EEF7B8FF58314F50405AF904E7380D634AA01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0179DB60, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction ID: a6e9424348129a9e25172dd51ca495bd32c33a5512ae65d565f26dae6cb2541f
Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction Fuzzy Hash: E0F09C332415639BDB335AD9D8D4F6BF6D69FD1A60F190075F2059B348CE608C0696D1

Uniqueness

Uniqueness Score: -1.00%

Function 0179B1E1, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction ID: be7d0a194651da27950929c3fb533c6db9da8fec45bfe4ba12c454a1c401a52c
Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction Fuzzy Hash: 2101D1322046809BD722976DE848F6BFBA8EF91750F0800A5FA158B7B2D678C944C215

Uniqueness

Uniqueness Score: -1.00%

Function 01797057, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49c89a204bf15603387ab3301cec1b1160dfd4a4f4e817ac149d2543b2b4907d
Instruction ID: 2b3e0c75c9e774580750c796f4ddb2d1b072e7fad2d639c44a0fbe3ddd80071f
Opcode Fuzzy Hash: 49c89a204bf15603387ab3301cec1b1160dfd4a4f4e817ac149d2543b2b4907d
Instruction Fuzzy Hash: F301AD35210608ABDB35DF5CEC05FABFBF9EF44B00F14016DE90583190DBA1AA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01869BBE, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac632d12a9bec06dac80a42ad966cff26a4cdaaed9977f7173fff840a57f2b4d
Instruction ID: 2397a70af29c3253288203aed7fdb6910f4b50cc49c03f1c253199f133305012
Opcode Fuzzy Hash: ac632d12a9bec06dac80a42ad966cff26a4cdaaed9977f7173fff840a57f2b4d
Instruction Fuzzy Hash: 44012C71A0061D9FDB04DFA9D845AAEBBB8AF58314F14405AE905AB280E734AA01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01851229, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0303afb973bbd6c53da215f00fb74f1f5a4baf5b65eea209e3368b5f5231f98e
Instruction ID: 53f7c4f12511e4bdbdd707fb8b68320f130569a2afab201c565d305c602288a8
Opcode Fuzzy Hash: 0303afb973bbd6c53da215f00fb74f1f5a4baf5b65eea209e3368b5f5231f98e
Instruction Fuzzy Hash: 9601A972A0021CABDB14DBF9D409AAFF7B8EF54750F00805AE911E7290EA749A04C791

Uniqueness

Uniqueness Score: -1.00%

Function 017C5AA0, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction ID: e3d5bab32ce31ec7fa5eed63dbbab34c5f2dcc973a23de587e30a5211a8b190c
Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
Instruction Fuzzy Hash: 3901D6316407499FD7269B1DC888F6DBB99AB01B20F00425AFD548B291D7B5FF40C751

Uniqueness

Uniqueness Score: -1.00%

Function 01793591, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction ID: 9225fc6b7f042688aaee7a2b25f3c144f8cfd2fa74709dca233135ddae8fc4b1
Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
Instruction Fuzzy Hash: 32F0FC71A01309BBEF34EB799850FBAFBA8FF58710F148255DE06D7100DA31D9448791

Uniqueness

Uniqueness Score: -1.00%

Function 0184FDD3, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c1da43bffeb6ba842f5286487f74ac7388353758157902c32989e2baa604ad
Instruction ID: 350d0967e53d9e96c44f2eab3eed4861f5104d70587e7f36a16183ad29bfe40a
Opcode Fuzzy Hash: e6c1da43bffeb6ba842f5286487f74ac7388353758157902c32989e2baa604ad
Instruction Fuzzy Hash: 97F0C231B0425CABDB14EBA9D905E7EF3B4EF45700F400169BA01EB6D0EE30EA01C741

Uniqueness

Uniqueness Score: -1.00%

Function 01791BE9, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction ID: fe567503f9d307e48829f4e0e4f1da3c04036aa5b3b931d2724c0cce7f04327a
Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction Fuzzy Hash: 30F02B31714209ABDB18CF29DC00B56F7EEEF99310F1080789546C7290FA72ED11D354

Uniqueness

Uniqueness Score: -1.00%

Function 0185131B, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2982461a4b3b56374373237ea7cd67569f3fe73b4836e1d58defe628b2a161f3
Instruction ID: 2c792686d76837b2b39ad72695b563b43ce192834593253740a1a8e5efa9952f
Opcode Fuzzy Hash: 2982461a4b3b56374373237ea7cd67569f3fe73b4836e1d58defe628b2a161f3
Instruction Fuzzy Hash: 74011971A0120DAFCB44EFA9D549AAEB7F4EF58700F404069F905EB381E634AA00CB54

Uniqueness

Uniqueness Score: -1.00%

Function 017BC577, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f4d6ffc72643e8ed961a8979802da2cb68f9cd8f28667199e4e7729edefa5be
Instruction ID: eb12e05f384261cac3509465e1bafba62a240412a2253d12e45228c923409369
Opcode Fuzzy Hash: 0f4d6ffc72643e8ed961a8979802da2cb68f9cd8f28667199e4e7729edefa5be
Instruction Fuzzy Hash: 51F09AB29157909EE7378B2C80C4BA2FFE89F05670F74C4A6E61A87202C7A4D880C261

Uniqueness

Uniqueness Score: -1.00%

Function 01852073, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e322aadc871d4d2bd4a58ce1c24b1ce60a13d87863e492e7425081aa502ee687
Instruction ID: 12e211e09a92d9b46d95506b2ec8c82166db750f9a619314a9344c67eeb5830e
Opcode Fuzzy Hash: e322aadc871d4d2bd4a58ce1c24b1ce60a13d87863e492e7425081aa502ee687
Instruction Fuzzy Hash: 04F082264161858BDFB67B2C65013957B92D756310B490485D99097205CD358B93CF11

Uniqueness

Uniqueness Score: -1.00%

Function 017D927A, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: c20fa31fa8aaf6c872a6879f87d44f8ce6c4a612ed052da13e32c750e3771572
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: 21E02B323405016BE7119E09CCC4F43B77DDFD2724F044078F6011E242C6E5DD0987A0

Uniqueness

Uniqueness Score: -1.00%

Function 01868D34, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75ea37919f743f8439bbe02a122d6e994e48a7eae27a0fcc392c990bc0dc32a1
Instruction ID: 592b372dc65465fce8b8c1c5f44cb4b3c380fa243f2a26db504c8e1d624e8f81
Opcode Fuzzy Hash: 75ea37919f743f8439bbe02a122d6e994e48a7eae27a0fcc392c990bc0dc32a1
Instruction Fuzzy Hash: BEF0B470A0470C9FDB14EFB8D445F6EB7B8EF64300F508099E905EB280EA34DA00CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01851BA8, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea421fa52bea172b013bf789dacabf58aecc8ed73e3100e1106ed3527d0a352
Instruction ID: 3d566ba03fb09a2276f80b3582dfe4e5f7a4dc665b9813f9716463871933ac8b
Opcode Fuzzy Hash: aea421fa52bea172b013bf789dacabf58aecc8ed73e3100e1106ed3527d0a352
Instruction Fuzzy Hash: 21F08271A0524CABDB14DBE9D44AFAEB7B4EF48304F400099EA05EB2C4E974DE00C755

Uniqueness

Uniqueness Score: -1.00%

Function 01868BB6, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 108f1a18206d0a516731f621922c13a69845af1397192b31871b3fb7f74b25d5
Instruction ID: 2480086206d6a66cbea44774e8cdf33756b22b61dbdd8f423fad2c82e4a47d67
Opcode Fuzzy Hash: 108f1a18206d0a516731f621922c13a69845af1397192b31871b3fb7f74b25d5
Instruction Fuzzy Hash: DFF08271A0425DAFDB14EFA8E909E6EB7B8EF44304F440459BA05DB2C1EA34DA00C758

Uniqueness

Uniqueness Score: -1.00%

Function 01868B58, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f8fb50686093f95b18c6b43e43dca04552f925d8042caacd37702f3c1a296af
Instruction ID: c525d6326293271b0ae64054dee6f7f05167436ebe962666094299e0c3a0038a
Opcode Fuzzy Hash: 8f8fb50686093f95b18c6b43e43dca04552f925d8042caacd37702f3c1a296af
Instruction Fuzzy Hash: 83F082B1A0425DABDB14EBA8D90AE6EB7B8EF45304F440459BA05DB3C0EA74DA00C794

Uniqueness

Uniqueness Score: -1.00%

Function 017B746D, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f23d94912da58fca667c8f0a605acb5ede24ce1310e224ded05aa3fbb046e8
Instruction ID: 59c34568520d908407566982ae5c1f8436a76c3c2e989798963363d23733d092
Opcode Fuzzy Hash: e1f23d94912da58fca667c8f0a605acb5ede24ce1310e224ded05aa3fbb046e8
Instruction Fuzzy Hash: 8AF0E935604145AADF0AD76CC8C0FFAFF71AF84311F540299D551AF1D1E76C9800C785

Uniqueness

Uniqueness Score: -1.00%

Function 0179354C, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63db67519fd1f4ec796378d3315f783c2a2d07b2e4296e3498ce22bd2e51d62f
Instruction ID: 71cbbf606eb8235cfc5d0eed966f350bdf96ca12f3cf05d12bcb731025ee2eaa
Opcode Fuzzy Hash: 63db67519fd1f4ec796378d3315f783c2a2d07b2e4296e3498ce22bd2e51d62f
Instruction Fuzzy Hash: 0EF0A0329157999FDB22D72CC148F22FBD8AB0DB74FA58065E809C7D03C728EC80C690

Uniqueness

Uniqueness Score: -1.00%

Function 017CA44B, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97340cff43b0cc96ce06b854ec119e924f9df4acbfc813ba321dc763f0c489eb
Instruction ID: d17979342168703b4814c5fa73ec7418d5af657532d8f7cf4cb46d430e691dd3
Opcode Fuzzy Hash: 97340cff43b0cc96ce06b854ec119e924f9df4acbfc813ba321dc763f0c489eb
Instruction Fuzzy Hash: B4E09272A01425ABD2215E1CAC00F66F3AEDBE5B52F194039E605C7214E628DE02C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0179F358, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction ID: 5c5d487a45bc92816f96a7d3db9f532281444d9756e319af1fc27fb1f2e5fb1c
Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction Fuzzy Hash: E1E0DF32A40118FBDB21AAD9AE09FAAFFADDB58B60F00019AFA04D7150D5649E00D2D0

Uniqueness

Uniqueness Score: -1.00%

Function 017915C1, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction ID: eebc13cce6cb98e2bcb284c7d540dd03b589cb4f1f80c2c221f2bcc93e78f1ba
Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction Fuzzy Hash: A1E02B31200187A3CF32AA48D545BB6F399AF91724F59C071E4028F651DB60DC59C3D0

Uniqueness

Uniqueness Score: -1.00%

Function 017D5C70, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
Instruction ID: c4c6d25aa7ce4872889e1e4c16c90d661978f5224527e1a8b4d234c3d463758f
Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
Instruction Fuzzy Hash: 07E04F7110034EAFFB11DB49C649F25BFB9AB44720F04C555A61D8B161C774D984CB45

Uniqueness

Uniqueness Score: -1.00%

Function 018241E8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622bc0c8b45c5830a7dd28cce6d4f52adea051914607103abb159488fa51161f
Instruction ID: faabb51777c7d33044fa13834dcd5ad9ee2830277b49c9028e17beedef60b706
Opcode Fuzzy Hash: 622bc0c8b45c5830a7dd28cce6d4f52adea051914607103abb159488fa51161f
Instruction Fuzzy Hash: 0EF0F2788507018FDBB1FBAED5087187AF4F75AB10F80411AD100C6288C73447A4CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0184D380, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction ID: 889df3ffb37e40f465d336f67654dc9c1cd23404c8cead2a3e09214d3ef14e63
Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction Fuzzy Hash: 39E0C231280249FBDF225E84CC00FA9BB16DB607A4F104031FE089E6A1CA719D91D6C4

Uniqueness

Uniqueness Score: -1.00%

Function 017CA185, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753cd9eb713107458c879f4c06bea370425a26bee379bd9e174616c166a275f6
Instruction ID: 545bc71d417b36c7391cd24d3aa4864b57dea5b10c3621899f978a96b9fe7658
Opcode Fuzzy Hash: 753cd9eb713107458c879f4c06bea370425a26bee379bd9e174616c166a275f6
Instruction Fuzzy Hash: 65D02EA11200041BC72D33109C98B26B232F7C0F61F34080CF3078B9EAFA60CDD88249

Uniqueness

Uniqueness Score: -1.00%

Function 018153CA, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction ID: 143a8a235407ebaef3a4c1d30cde047f2f5f2027471f5f430e796cf2c5e2adf6
Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction Fuzzy Hash: 9DE08C329006809BCF16DB4CC694F4EBBF9FB86B00F140014A0089F664C624AE00CB00

Uniqueness

Uniqueness Score: -1.00%

Function 017AAAB0, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction ID: 60a24277264ba5e6216ade132bdae0ecd4d79d4e95888cd1297494c106735b81
Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction Fuzzy Hash: E3D0E935352A80CFD617CF5DC564B1677A4BB44B84FC50594E505CB762E62CDD44DA10

Uniqueness

Uniqueness Score: -1.00%

Function 017C35A1, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction ID: 72a5c495cc8156e4032414fa9de891c18fe06647927e0072f835c9a967f3a8e1
Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction Fuzzy Hash: C7D0A7314011819DDB01AB34E11C768F771BB20B0CF78606D880105456C3354909C600

Uniqueness

Uniqueness Score: -1.00%

Function 0179DB40, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: 949a8b62cba8fe6f47a4277493b23a0eb8c5cceda4aa2596b96312b39c98b061
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: 35C08C30290A01AAEB321F20CD01B40BAA0BB10B05F4400A06302DA0F0DB78DC01E600

Uniqueness

Uniqueness Score: -1.00%

Function 0181A537, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction ID: d297bc7090fc59c05cff47dc835d7bf0d2c85ad4598814ecf7e99167434f986a
Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction Fuzzy Hash: CAC01232080248BBCB126E81CC01F46BB2AEBA8B60F008010BA080A5608632E970EA84

Uniqueness

Uniqueness Score: -1.00%

Function 017B3A1C, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: 6821d28e6f0d072f938d5f3aac1d32f8226b9642afcf38e95623aae74eea36e8
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: 82C08C32080248BBC7126E41DC00F01BB29E7A0B60F000020B6050A5618632EC60D588

Uniqueness

Uniqueness Score: -1.00%

Function 0179AD30, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction ID: 2d3a095fa39be209fb4f2bf2abda052010400620f2cbe08607fb6ce1384c26a4
Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction Fuzzy Hash: 96C08C32080288BBC7126A45CD40F01BB29E7A0B60F000020B6040A6A18A32E860D588

Uniqueness

Uniqueness Score: -1.00%

Function 017C4190, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction ID: 740f93ee37e9a205a0449689984c56b7d3c670436c5619045a58b922bda24a50
Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction Fuzzy Hash: 08C04C357119418FCF16CB29C6C4F5577E4B744744F150890E805CB765E724E950CA10

Uniqueness

Uniqueness Score: -1.00%

Function 01848D47, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction ID: 7dd0691a95bc9a2c14227f2df3941e7349585d7ccea4e62f8fdff1037025bf06
Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
Instruction Fuzzy Hash: E8C09B1F1566C94ECD279F3443127D5BF60D7439D0F1D14C1D4D16F513C5144613D625

Uniqueness

Uniqueness Score: -1.00%

Function 017B7D50, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction ID: 25f390b163f48334d4b3dc7e9070029aae880a1e666ce0e723d6e72e051a0af3
Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction Fuzzy Hash: 1EB092353019408FCF1ADF18C080B5573E4BB84A80B8400D4E400CBA21D329E8408900

Uniqueness

Uniqueness Score: -1.00%

Function 017C2ACB, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction ID: e9c82d6daa0f7b85fd8d5945b5b042469d3551941d900df940f935713f86b306
Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction Fuzzy Hash: EAB01232C11441CFCF02EF44C624F19B331FB40750F0544A0900127930C628AC01CF40

Uniqueness

Uniqueness Score: -1.00%

Function 017D9950, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c99efe19162621b041a11e91b97b6f6633991e6b82d5bc5fb7be2d6ae2529a
Instruction ID: ea90ae691d8e2eeda6466797120989200305b816ec0828da4854145786f67e59
Opcode Fuzzy Hash: 13c99efe19162621b041a11e91b97b6f6633991e6b82d5bc5fb7be2d6ae2529a
Instruction Fuzzy Hash: 779002A120540407D150659988086174085A7D8382F51C021A6058556ECA698C617175

Uniqueness

Uniqueness Score: -1.00%

Function 017D9910, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687c461b94ab8773f0b0b2ca60de317a25b7ed3aadd2fbf66532c64675e6e9a5
Instruction ID: a3cc117faa8bef4c6ff4b64d7432dedbf877a5709b8b90a1738907720513c7b6
Opcode Fuzzy Hash: 687c461b94ab8773f0b0b2ca60de317a25b7ed3aadd2fbf66532c64675e6e9a5
Instruction Fuzzy Hash: CB9002B120500406D150719984087564085A7D8381F51C021A9058555EC6998DE576A5

Uniqueness

Uniqueness Score: -1.00%

Function 017D99D0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ab5dffe61700f75b7aadcaffc8992647465dc790472a70f45bb1f279d5e00c
Instruction ID: ac0ef1eedf177b8a6faa9f319b4c9e11a756c4192100742ab1935279e12067ff
Opcode Fuzzy Hash: e0ab5dffe61700f75b7aadcaffc8992647465dc790472a70f45bb1f279d5e00c
Instruction Fuzzy Hash: 0A9002A121500046D1146199840871640C5A7E9281F51C022A6148555CC5698C717165

Uniqueness

Uniqueness Score: -1.00%

Function 017D99A0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6953091aa562499a5620d14ec4ab7f81138c76d6530361f51b4fcc1b93a3184
Instruction ID: 2bd8aa0a33331e9ce4ff1d50508278a6c221ce9406f8bdc02053309382ff11e4
Opcode Fuzzy Hash: e6953091aa562499a5620d14ec4ab7f81138c76d6530361f51b4fcc1b93a3184
Instruction Fuzzy Hash: 969002A134500446D11061998418B164085E7E9381F51C025E5058555DC659CC627166

Uniqueness

Uniqueness Score: -1.00%

Function 017DB040, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58a31bebcf1bb09a7a4fdaa6f4e2d2cb03d62fee7034396c186b2ec22ba423b0
Instruction ID: d0d3fc2779ecdaccd2c0733cb3a0d2e27db8d976656190b610f2e4ab91ef0306
Opcode Fuzzy Hash: 58a31bebcf1bb09a7a4fdaa6f4e2d2cb03d62fee7034396c186b2ec22ba423b0
Instruction Fuzzy Hash: 6E9002A1605140474550B19988084169095B7E9381391C131A4448561CC6A88865B2A5

Uniqueness

Uniqueness Score: -1.00%

Function 017D9840, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7a303a310b18954c5763b8ed0d089ad22df7c3a619552066a4b022e56c829c
Instruction ID: 879fde72394e76c7dc8ed71d2488cd1e0a84d14f2f4208dbb392dd8d9fd5a6fc
Opcode Fuzzy Hash: 7b7a303a310b18954c5763b8ed0d089ad22df7c3a619552066a4b022e56c829c
Instruction Fuzzy Hash: BB900261246041565555B19984085178086B7E82C1791C022A5408951CC5669866F661

Uniqueness

Uniqueness Score: -1.00%

Function 017D9820, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f9a369eff70d0ca8ec19df1014078783c0887ad254e61e8113a4cd30c9149b
Instruction ID: 7696a16ccb45f4a2602c57e413c34672b55cee2bce43b07368c14c45505edf34
Opcode Fuzzy Hash: 50f9a369eff70d0ca8ec19df1014078783c0887ad254e61e8113a4cd30c9149b
Instruction Fuzzy Hash: A890027124500406D151719984086164089B7D82C1F91C022A4418555EC6958A66BAA1

Uniqueness

Uniqueness Score: -1.00%

Function 017D98F0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb10df4428494a97d6e063d2136f8b389a8e638d7913efc2b3ae66a33e5fbe01
Instruction ID: 1a4cd129e409a6db07dd6896aea0e1f43f61e6205f26cb0b815f2fb4922c76ae
Opcode Fuzzy Hash: bb10df4428494a97d6e063d2136f8b389a8e638d7913efc2b3ae66a33e5fbe01
Instruction Fuzzy Hash: 0990026160500506D11171998408626408AA7D82C1F91C032A5018556ECA6589A2B171

Uniqueness

Uniqueness Score: -1.00%

Function 017D98A0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640b05a9aa1a7551f094932fe71472cc29074b4a9d6ffeab01d078c4865ad052
Instruction ID: 503ffc7834424ef66c83fab835eec677587ee767876e24a23182377b188bfc79
Opcode Fuzzy Hash: 640b05a9aa1a7551f094932fe71472cc29074b4a9d6ffeab01d078c4865ad052
Instruction Fuzzy Hash: 7B90026130500406D112619984186164089E7D93C5F91C022E5418556DC6658963B172

Uniqueness

Uniqueness Score: -1.00%

Function 017D9B00, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d668a7beaeff2313309e498fefa8ab598d39de5319b5b9c4705c49fbfe54945f
Instruction ID: 05c7e2e05d8881ed07c686db1bad67b986fe0191e102979cecf3a270d4760bb2
Opcode Fuzzy Hash: d668a7beaeff2313309e498fefa8ab598d39de5319b5b9c4705c49fbfe54945f
Instruction Fuzzy Hash: 2390026124500806D1507199C4187174086E7D8681F51C021A4018555DC656897576F1

Uniqueness

Uniqueness Score: -1.00%

Function 017DA3B0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3bb7eb4a38b75f714dd7a425fb76e465a88cde4c265bab23e86346eeeff3545
Instruction ID: 5a32ebefd094b26bc613f1334ca31353396e2eda72a33f7bfbfd2661ff3a42e8
Opcode Fuzzy Hash: f3bb7eb4a38b75f714dd7a425fb76e465a88cde4c265bab23e86346eeeff3545
Instruction Fuzzy Hash: 7590027120544006D1507199C44861B9085B7E8381F51C421E4419555CC6558866B261

Uniqueness

Uniqueness Score: -1.00%

Function 017D9A50, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fd010d984ee269ff2c92f12bbf7202224d18b1dfcbf471f0e7e3f4dcde37f6
Instruction ID: 1a48ec296ddd417c6830f31ecff4791f516bb731fbe58922ddfef954ad9ee48d
Opcode Fuzzy Hash: f1fd010d984ee269ff2c92f12bbf7202224d18b1dfcbf471f0e7e3f4dcde37f6
Instruction Fuzzy Hash: 5D90026121580046D21065A98C18B174085A7D8383F51C125A4148555CC95588717561

Uniqueness

Uniqueness Score: -1.00%

Function 017D9A20, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de3088623f065339e5763e09514fdc4d1148a6f41a55b8208681bb2f95d7a15
Instruction ID: 14d77d341a5595b35c1846a4618ab29701fbacd9df0adc4ed3a24e352fd0912c
Opcode Fuzzy Hash: 5de3088623f065339e5763e09514fdc4d1148a6f41a55b8208681bb2f95d7a15
Instruction Fuzzy Hash: D890026160500046415071A9C8489168085BBE9291751C131A498C551DC599887576A5

Uniqueness

Uniqueness Score: -1.00%

Function 017D9A10, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4282189e3d1558c841a524e3758c34a6efbfc58db4002285f83517999c0d533
Instruction ID: 38c82ba23fd701fb784d04b60e33e865e4532e0a3f398ec1bc084520032ae7a5
Opcode Fuzzy Hash: b4282189e3d1558c841a524e3758c34a6efbfc58db4002285f83517999c0d533
Instruction Fuzzy Hash: A790027120540406D1106199880C7574085A7D8382F51C021A9158556EC6A5C8A17571

Uniqueness

Uniqueness Score: -1.00%

Function 017D9A00, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a417ee6147c5067cf3751a1fd77be6b7b9ac2f3771770725815ddb35a0b3729
Instruction ID: 1fb0ba01365de0e2ac63e258cb3b04397290cbed37b35244d66c392e78ca03f0
Opcode Fuzzy Hash: 3a417ee6147c5067cf3751a1fd77be6b7b9ac2f3771770725815ddb35a0b3729
Instruction Fuzzy Hash: 2090027120540406D1106199881871B4085A7D8382F51C021A5158556DC665886175B1

Uniqueness

Uniqueness Score: -1.00%

Function 017D9A80, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81da567b9932fbabc395e97b4000aeacfceb73f000b2f9d873f095e00ed73c3
Instruction ID: 5c24f3c37ab3110fa0dea7b0d3795186036ca842656ecb6544f0e90a16548053
Opcode Fuzzy Hash: c81da567b9932fbabc395e97b4000aeacfceb73f000b2f9d873f095e00ed73c3
Instruction Fuzzy Hash: 7B90026120544446D15062998808B1F8185A7E9282F91C029A814A555CC95588657761

Uniqueness

Uniqueness Score: -1.00%

Function 017D9560, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e081012bc4f6bf3075482ea70f64ace30fbf22f8380cfcb4c817f89458a56e3b
Instruction ID: 09ba1ac4c99a981bd220a3a045727b01aed0ffc93f2691fbbef65f5bd2531e39
Opcode Fuzzy Hash: e081012bc4f6bf3075482ea70f64ace30fbf22f8380cfcb4c817f89458a56e3b
Instruction Fuzzy Hash: 06900265225000060155A599460851B44C5B7DE3D1391C025F540A591CC66188757361

Uniqueness

Uniqueness Score: -1.00%

Function 017D9540, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cccf4141ff21aef2a12cdeb54d6e11b94a1662a6c83b612b855fe645f1af76
Instruction ID: 531806f406ea2c6ecacb5e38e7832e62e2cbe0aab0a11b1a0dfef11ce89b90d0
Opcode Fuzzy Hash: e9cccf4141ff21aef2a12cdeb54d6e11b94a1662a6c83b612b855fe645f1af76
Instruction Fuzzy Hash: C6900265215000070115A599470851740C6A7DD3D1351C031F5009551CD66188717161

Uniqueness

Uniqueness Score: -1.00%

Function 017DAD30, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e7f010e530d0c6adaadf05f204b74f108f409d4b5575bad169db873f5b6dfb
Instruction ID: 816104e929be6f97d79644da523c25173d213e4fb94cefd31bd785a08a34db8c
Opcode Fuzzy Hash: 32e7f010e530d0c6adaadf05f204b74f108f409d4b5575bad169db873f5b6dfb
Instruction Fuzzy Hash: 8B900271A09000169150719988186568086B7E87C1B55C021A4508555CC9948A6573E1

Uniqueness

Uniqueness Score: -1.00%

Function 017D9520, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c775838fd9efb03c2335c098c919aaae6c145f3c72d713c9cbac30073345ddd8
Instruction ID: 113f577c75a48969914786a4a98075221f46f28045e917cf0dd813e0387e31de
Opcode Fuzzy Hash: c775838fd9efb03c2335c098c919aaae6c145f3c72d713c9cbac30073345ddd8
Instruction Fuzzy Hash: D69002E1205140964510A299C408B1A8585A7E8281B51C026E5048561CC5658861B175

Uniqueness

Uniqueness Score: -1.00%

Function 017D95F0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7412921b9de091a2b44626f6ae132dad124640712a693b0d34f3f4ceb06f68c3
Instruction ID: f1f23eb44269c895b74d45ffb5c9debacffbce80d7575a59141b73a20e5affdd
Opcode Fuzzy Hash: 7412921b9de091a2b44626f6ae132dad124640712a693b0d34f3f4ceb06f68c3
Instruction Fuzzy Hash: 0290027120500806D114619988086964085A7D8381F51C021AA018656ED6A588A17171

Uniqueness

Uniqueness Score: -1.00%

Function 017D95D0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03390a7b9bb2395a4a1170d1b2caf9ff60d43e7a609347bc526ddd9d588734d6
Instruction ID: 79a3e80ab9a2fefc443712401b64b416acc25b2dd173d91d68312b266bb3a221
Opcode Fuzzy Hash: 03390a7b9bb2395a4a1170d1b2caf9ff60d43e7a609347bc526ddd9d588734d6
Instruction Fuzzy Hash: 1E9002A120600007411571998418626808AA7E8281B51C031E5008591DC56588A17165

Uniqueness

Uniqueness Score: -1.00%

Function 017DA770, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c104105e528dcbb11ca8f92e3083bab2955837f6de10e65392b2693babcd6430
Instruction ID: 4f75c5ce14c1fd2216f9a5bccda1ed202761073789beeeded59b24a19fb00ead
Opcode Fuzzy Hash: c104105e528dcbb11ca8f92e3083bab2955837f6de10e65392b2693babcd6430
Instruction Fuzzy Hash: 5290027520904446D51065999808A974085A7D8385F51D421A441859DDC6948871B161

Uniqueness

Uniqueness Score: -1.00%

Function 017D9770, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e18099767e22a4dea75ced5ad333f8457cc4c2cf301f4597b615a5d69cece7
Instruction ID: 42f4d9cbeedb2ebd94e05869911fb0be543ca909a10ce2f315e480c6b1c4d7e3
Opcode Fuzzy Hash: 77e18099767e22a4dea75ced5ad333f8457cc4c2cf301f4597b615a5d69cece7
Instruction Fuzzy Hash: 4E90026120904446D1106599940CA164085A7D8285F51D021A5058596DC6758861B171

Uniqueness

Uniqueness Score: -1.00%

Function 017D9760, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feec907f2bb695eb7d3a25caa0495bed8700dc9ecbb495c5b4c6d3a05587bc20
Instruction ID: c4bd8339c86eb9efb2322a1d36f22c8349e9a93393ec5db3d82961f5f19fec6e
Opcode Fuzzy Hash: feec907f2bb695eb7d3a25caa0495bed8700dc9ecbb495c5b4c6d3a05587bc20
Instruction Fuzzy Hash: F990027120500407D1106199950C7174085A7D8281F51D421A4418559DD69688617161

Uniqueness

Uniqueness Score: -1.00%

Function 017D9730, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14eaaa554f5644a9534939844993426ed9cedcbc55e959503a0da04e3a3ea37c
Instruction ID: 91441466303331d1f6f3e9445370fd06aa024f997264520459f5165b03f54bfc
Opcode Fuzzy Hash: 14eaaa554f5644a9534939844993426ed9cedcbc55e959503a0da04e3a3ea37c
Instruction Fuzzy Hash: 7190026160900406D1507199941C7164095A7D8281F51D021A4018555DC6998A6576E1

Uniqueness

Uniqueness Score: -1.00%

Function 017D9710, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d91941651760f59575f0e07ba947510064186e37caf59dbdf929698ab8d92e
Instruction ID: d5864086e9ea817da80cdae5bec453e6b556a6e854f36ab94e213d2c7c9c131f
Opcode Fuzzy Hash: 06d91941651760f59575f0e07ba947510064186e37caf59dbdf929698ab8d92e
Instruction Fuzzy Hash: 5190027120500406D11065D9940C6564085A7E8381F51D021A9018556EC6A588A17171

Uniqueness

Uniqueness Score: -1.00%

Function 017DA710, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3b5baa09b040256df9248b034a8a045d867c25422a22d0a79342b861964b42
Instruction ID: 3b4d523184d7be5353db890cced9916ce0838210300dc597f1cb267d839b939e
Opcode Fuzzy Hash: 5b3b5baa09b040256df9248b034a8a045d867c25422a22d0a79342b861964b42
Instruction Fuzzy Hash: E9900271305000569510A6D99808A5A8185A7F8381B51D025A8008555CC59488717161

Uniqueness

Uniqueness Score: -1.00%

Function 017D9FE0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbda430f375117eff378e204dfda8638b1efc89d49e83b782fb329d109570433
Instruction ID: cbcd489ebb5babb6e5570b44b491914e77a0b02020fee3d84364160e4204113b
Opcode Fuzzy Hash: dbda430f375117eff378e204dfda8638b1efc89d49e83b782fb329d109570433
Instruction Fuzzy Hash: 4590027131514406D1206199C4087164085A7D9281F51C421A4818559DC6D588A17162

Uniqueness

Uniqueness Score: -1.00%

Function 017D97A0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0c0c9de8daa6ec43ab758575e55e1bd96c011547d1eb7be2f943363b27265a
Instruction ID: fbe74a39773e46adf2d8d11d9940c863401173aef185d4f49e8973885a7ce09b
Opcode Fuzzy Hash: 5f0c0c9de8daa6ec43ab758575e55e1bd96c011547d1eb7be2f943363b27265a
Instruction Fuzzy Hash: D190026130500007D1507199941C6168085F7E9381F51D021E4408555CD95588667262

Uniqueness

Uniqueness Score: -1.00%

Function 017D9780, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccab723e837f06b93b909e1957794bdb322cbb48c362a50309d06e6ac345c18d
Instruction ID: dce0d94a66dc7a8dd900f6260010872befa560d9cb052b4accc8642f30dcbd7d
Opcode Fuzzy Hash: ccab723e837f06b93b909e1957794bdb322cbb48c362a50309d06e6ac345c18d
Instruction Fuzzy Hash: B690026921700006D1907199940C61A4085A7D9282F91D425A4009559CC95588797361

Uniqueness

Uniqueness Score: -1.00%

Function 017D9650, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef880ad1546437fbda1ae9066e8fda282aecaf25ac987198a45fc5a053ff917f
Instruction ID: b24555f23ed3175e4ae2aa8375e4ebcdea5616e97259bffe13eb72c07ea8b30a
Opcode Fuzzy Hash: ef880ad1546437fbda1ae9066e8fda282aecaf25ac987198a45fc5a053ff917f
Instruction Fuzzy Hash: 5890027120904846D15071998408A564095A7D8385F51C021A4058695DD6658D65B6A1

Uniqueness

Uniqueness Score: -1.00%

Function 017D9610, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafd90cfb5c39d18695018aae91b922afd534cd74b15230413ff6a0178828b51
Instruction ID: 3186d7661151712c9c083cdb26d1b566ff74fb5637f239b4160b1538a7ce452b
Opcode Fuzzy Hash: eafd90cfb5c39d18695018aae91b922afd534cd74b15230413ff6a0178828b51
Instruction Fuzzy Hash: D690027160900806D160719984187564085A7D8381F51C021A4018655DC7958A6576E1

Uniqueness

Uniqueness Score: -1.00%

Function 017D96D0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1d3db19fa3703237436ac9d063dba99470d67c256b8dd585393d07ea98203f
Instruction ID: 876c44177a1472c345b1a20b2646c99d6913610e7cc4e4e39ab7231e7f3153c6
Opcode Fuzzy Hash: 4c1d3db19fa3703237436ac9d063dba99470d67c256b8dd585393d07ea98203f
Instruction Fuzzy Hash: 6390027120500846D11061998408B564085A7E8381F51C026A4118655DC655C8617561

Uniqueness

Uniqueness Score: -1.00%

Function 017D9670, Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: c4b8440bc52e72bd2565acd5c596863dc69db65160b53af27ecb94eb3adfa378
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 017940FD, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017F0566
CLIENT(ntdll): Processing section info %ws..., xrefs: 017F05F1
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017F05AC
Execute=1, xrefs: 017F057D
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017F04BF
ExecuteOptions, xrefs: 017F050A
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017F058F

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 4335da92189d466a4d3a7aad96c7b0797b851a5d80bbc9f778695c6e4b8447b7
Instruction ID: f4a097632978b674612985a4848480ec2a8b773eabdfae8657a1add0fdf09bc1
Opcode Fuzzy Hash: 4335da92189d466a4d3a7aad96c7b0797b851a5d80bbc9f778695c6e4b8447b7
Instruction Fuzzy Hash: 9D613D717802197AEF219A58FD99FBAF7B9AF28300F0400D9E60697281D6709B468F60

Uniqueness

Uniqueness Score: -1.00%

Function 017977A0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017F2953

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017F295B
RTL: Resource at %p, xrefs: 017F296B
RTL: Re-Waiting, xrefs: 017F2988

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 7dd85df1227d864716cdd3ac335df9c4a5af28cc271eabe8a5323338aa7a05a1
Instruction ID: ebe012961c2e543f25a40690f1f4bcebf647fb2c8c0e8ec9b24372c078efae43
Opcode Fuzzy Hash: 7dd85df1227d864716cdd3ac335df9c4a5af28cc271eabe8a5323338aa7a05a1
Instruction Fuzzy Hash: C8315E31A40632ABDB229A15CC80F6BFBA4EF15760F100218EE54A7346CB21F815DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 017D1CC7, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

$, xrefs: 017D1D37
@, xrefs: 017D1D1B

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 72dd234fdd4dfaa710a4d768c76d68b8ec97c6124ff35e434b7877feb8c656de
Instruction ID: 46fdb246e56a209905ee6b6cbc8d195d9e457dc0721e236c358ec9c193bced9e
Opcode Fuzzy Hash: 72dd234fdd4dfaa710a4d768c76d68b8ec97c6124ff35e434b7877feb8c656de
Instruction Fuzzy Hash: 7A811C71D0026D9BDB71DF94CC44BEEBAB4AF49714F0442DAAA19B7280D7705E85CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0182FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0182FDFA

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0182FE2B
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0182FE01

Memory Dump Source

Source File: 00000005.00000002.338474542.0000000001770000.00000040.00000001.sdmp, Offset: 01770000, based on PE: true

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: 40f7d934a58ac7b032b396e115d92dac09869cf1b54aed12ecd901a5d5d29aad
Instruction ID: 876348c16b5ffdaad42070d31459e43ad67999db49d418b6f57b8f1ea9a950d4
Opcode Fuzzy Hash: 40f7d934a58ac7b032b396e115d92dac09869cf1b54aed12ecd901a5d5d29aad
Instruction Fuzzy Hash: 56F0FC761801117FE6221A45DC05F73BF6ADB44B30F140315F714951D1D962FD60D6F1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: FormBook

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: #Ud55c#Ub77c#Uc0b0#Uc5c5#Uac1c#Ubc1c(2021.04.12).exe PID: 6476 Parent PID: 5964

General

Function 00D5A448, Relevance: .6, Instructions: 607
COMMONCrypto